Windows Analysis Report
y3x8pjQ1Ci.exe

Overview

General Information

Sample name: y3x8pjQ1Ci.exe (renamed because original name is a hash value)
Original sample name: 49212837ba25c47f2e11e30a5de4b52c07bb6f6972b339705fbc3502af1eb880.exe
Analysis ID: 1572119
MD5: a243fe9d1cfb5bf4e5c21c6e4861e09c
SHA1: 41e893ae4232e1a36346daa0238d77e6d8ccbf92
SHA256: 49212837ba25c47f2e11e30a5de4b52c07bb6f6972b339705fbc3502af1eb880
Tags: exe, user-JAMESWT_MHT
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Opens network shares
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
One or more processes crash
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info

Classification

  • System is w10x64
  • y3x8pjQ1Ci.exe (PID: 7288 cmdline: "C:\Users\user\Desktop\y3x8pjQ1Ci.exe" MD5: A243FE9D1CFB5BF4E5C21C6E4861E09C)
    • y3x8pjQ1Ci.exe (PID: 7356 cmdline: "C:\Users\user\Desktop\y3x8pjQ1Ci.exe" MD5: A243FE9D1CFB5BF4E5C21C6E4861E09C)
      • systeminfo.exe (PID: 7444 cmdline: systeminfo MD5: EE309A9C61511E907D87B10EF226FDCD)
        • conhost.exe (PID: 7460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WmiPrvSE.exe (PID: 7528 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
      • cmd.exe (PID: 7620 cmdline: C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 7672 cmdline: wmic computersystem get manufacturer MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • WerFault.exe (PID: 7892 cmdline: C:\Windows\system32\WerFault.exe -u -p 7356 -s 940 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Submitted Sample, Integrated Neural Analysis Model: Matched 97.5% probability
Source: y3x8pjQ1Ci.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe, Code function: 0_2_00007FF769D89280 FindFirstFileExW, FindClose, 0_2_00007FF769D89280
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe, Code function: 0_2_00007FF769D883C0 FindFirstFileW, RemoveDirectoryW, DeleteFileW, FindNextFileW, FindClose, RemoveDirectoryW, 0_2_00007FF769D883C0
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe, Code function: 0_2_00007FF769DA1874 _invalid_parameter_noinfo, FindFirstFileExW, FindNextFileW, FindClose, FindClose, 0_2_00007FF769DA1874
Source: C:\Windows\System32\WerFault.exe, File opened: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\
Source: C:\Windows\System32\WerFault.exe, File opened: C:\Users\user\AppData\Local\Temp\_MEI72882\
Source: C:\Windows\System32\WerFault.exe, File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\System32\WerFault.exe, File opened: C:\Users\user\AppData\
Source: C:\Windows\System32\WerFault.exe, File opened: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\
Source: C:\Windows\System32\WerFault.exe, File opened: C:\Users\user\
Source: Joe Sandbox View, IP Address: 104.20.22.46
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: nodejs.org
00000000.00000003.1697162545.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1698779964.00000185493A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1717180276.00000185493A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716324369.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1719019216.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716691787.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716231672.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718068714.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1703744876.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717056916.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718413093.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716409123.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718905512.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1695767457.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1692111086.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1698941352.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1696414329.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717180276.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716512721.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716778068.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717811209.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1697162545.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 
00000000.00000003.1698779964.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716149815.00000185493A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716324369.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1719019216.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716691787.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716231672.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718068714.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1703744876.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717056916.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718413093.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716409123.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718905512.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1695767457.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1692111086.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1698941352.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1696414329.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1703251838.00000185493AF000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717180276.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716512721.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716778068.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717811209.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 
00000000.00000003.1697162545.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1698779964.00000185493A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716324369.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1719019216.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716691787.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716231672.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718068714.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1703744876.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717056916.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718413093.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716409123.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718905512.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1695767457.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1692111086.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1698941352.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1696414329.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1703251838.00000185493AF000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717180276.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716512721.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716778068.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717811209.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 
00000000.00000003.1697162545.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1698779964.00000185493A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716324369.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1719019216.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716691787.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716231672.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718068714.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1703744876.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717056916.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718413093.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716409123.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718905512.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1695767457.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1692111086.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1698941352.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1696414329.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717180276.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716512721.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716778068.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717811209.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1697162545.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 
00000000.00000003.1698779964.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716149815.00000185493A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1750983301.000002301A8E5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2437336592.000002301AD20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2437461046.000002301AF10000.00000004.00001000.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A8BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/zeJZl.
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A6C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A60E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1752326126.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435922846.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A2DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A784000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2437336592.000002301AD20000.00000004.00001000.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A8B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A93F000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A93F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A93F000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A93F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716324369.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1719019216.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716691787.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716231672.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718068714.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1703744876.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717056916.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718413093.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716409123.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718905512.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1695767457.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1692111086.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1698941352.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1696414329.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1703251838.00000185493AF000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717180276.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716512721.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716778068.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717811209.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 
00000000.00000003.1697162545.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1698779964.00000185493A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716324369.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1719019216.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716691787.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716231672.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718068714.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1703744876.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717056916.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718413093.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716409123.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718905512.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1695767457.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1692111086.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1698941352.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1696414329.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1703251838.00000185493AF000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717180276.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716512721.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716778068.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717811209.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 
00000000.00000003.1697162545.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1698779964.00000185493A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716324369.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1719019216.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716691787.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716231672.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718068714.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1703744876.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717056916.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718413093.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716409123.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718905512.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1695767457.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1692111086.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1698941352.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1696414329.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717180276.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716512721.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716778068.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717811209.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1697162545.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 
00000000.00000003.1698779964.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716149815.00000185493A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: qtbase_cs.qm.0.drString found in binary or memory: http://qt-project.org/
Source: qtbase_cs.qm.0.drString found in binary or memory: http://qt.io/
Source: qtbase_cs.qm.0.drString found in binary or memory: http://qt.io/licensing/
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A93F000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2435922846.000002301A200000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A8F5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A8F5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A93F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2437250545.000002301AC00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A93F000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A93F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A93F000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A93F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A93F000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A93F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A93F000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A93F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A93F000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A93F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A93F000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A93F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2439899341.00007FFDF96EA000.00000002.00000001.01000000.0000001D.sdmpString found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A60E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A93F000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A9AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A60E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2439899341.00007FFDF96EA000.00000002.00000001.01000000.0000001D.sdmpString found in binary or memory: http://www.color.org)
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A93F000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2435922846.000002301A200000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A9AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A60E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A784000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A784000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cpsu
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1750983301.000002301A8E5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1752326126.000002301A820000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1752326126.000002301A76D000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751017066.000002301A764000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A6C9000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1749656534.000002301A762000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435843995.000002301A100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435551587.0000023019CC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435551587.0000023019CC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435551587.0000023019D44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435551587.0000023019CC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435551587.0000023019D44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435551587.0000023019CC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435551587.0000023019CC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435551587.0000023019CC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435728506.0000023019EC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1752326126.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2437083482.000002301AA00000.00000004.00001000.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1752326126.000002301A820000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1747354714.0000023019EE6000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2435728506.0000023019EC9000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1746012613.0000023019EED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2438479060.000002301B754000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2437461046.000002301AEA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/psf/requests/pull/6710
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1747354714.0000023019EE6000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2435551587.0000023019D44000.00000004.00001000.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2435728506.0000023019EC9000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1746012613.0000023019EED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1746012613.0000023019EED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1747354714.0000023019EE6000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2435728506.0000023019EC9000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1746012613.0000023019EED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1747328839.000002301A3C1000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1747482083.000002301A34B000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2435922846.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1747221923.000002301A3B1000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1749828605.000002301A2F4000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A2DE000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1748458294.000002301A2F4000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1747188013.000002301A391000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436181228.000002301A500000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/wiki/Development-Methodology
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1747354714.0000023019EE6000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2435728506.0000023019EC9000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1746012613.0000023019EED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2437083482.000002301AA00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1752326126.000002301A820000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A6C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2437250545.000002301AC00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2437250545.000002301AC00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920p
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2437250545.000002301AC00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435922846.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1752326126.000002301A820000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A2DE000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A60E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2435922846.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A2DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A6C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435922846.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A27E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2437336592.000002301AD20000.00000004.00001000.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2437461046.000002301AEA0000.00000004.00001000.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435922846.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1749828605.000002301A2F4000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A2DE000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1748458294.000002301A2F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1752326126.000002301A820000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A265000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1750983301.000002301A8E5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751549369.000002301A8FF000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A8F5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A8F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2438479060.000002301B7CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/dist/v22.11.0/node-v22.11.0-win-x64.zip
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2437250545.000002301AC00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/#core-metadata
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A6C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/#file-format
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A6C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/recording-installed-packages/#the-record-file
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2437166894.000002301AB00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1744742902.0000023019EC1000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1747482083.000002301A32E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436101458.000002301A400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0205/
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2445261952.00007FFDFB548000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435922846.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2437461046.000002301AEA0000.00000004.00001000.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1749828605.000002301A2F4000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A2DE000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1748458294.000002301A2F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2437461046.000002301AEA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.ioe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2438479060.000002301B754000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A6C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1748848293.000002301A72E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1748400301.000002301A762000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1748400301.000002301A752000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A6C9000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1749656534.000002301A762000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1749656534.000002301A72E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435922846.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1752326126.000002301A820000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2437166894.000002301AB00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2437166894.000002301AB00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716324369.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1719019216.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716691787.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716231672.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718068714.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1703744876.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717056916.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718413093.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716409123.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1718905512.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1695767457.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1692111086.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1698941352.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1696414329.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1703251838.00000185493AF000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717180276.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716512721.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1716778068.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1717811209.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 
00000000.00000003.1697162545.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000000.00000003.1698779964.00000185493A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2442949176.00007FFDFA8E4000.00000002.00000001.01000000.00000014.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2447450999.00007FFE00820000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://www.openssl.org/H
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435922846.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1749828605.000002301A2F4000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A2DE000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1748458294.000002301A2F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1750983301.000002301A8E5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751549369.000002301A8FF000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A8F5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A8F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2445261952.00007FFDFB548000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.python.org/psf/license/)
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435728506.0000023019EC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1752326126.000002301A820000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc825U
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A93F000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A93F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A9B4000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A9B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A60E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2435922846.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A2DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Code function: String function: 00007FF769D82710 appears 52 times
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7356 -s 940
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716324369.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqicns.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1719019216.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqwindowsvistastyle.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716691787.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqsvg.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1700541570.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716231672.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqgif.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1718068714.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqwebgl.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1703744876.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibGLESv2.dll4 vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1717056916.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqwbmp.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1718413093.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqwindows.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716409123.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqico.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1718905512.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqxdgdesktopportal.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1695767457.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5Network.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1692111086.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5Core.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1691461720.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140_1.dllT vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1698941352.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5WebSockets.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1696414329.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5Qml.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1717180276.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqwebp.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1690951573.00000185493A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140.dllT vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716512721.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqjpeg.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716778068.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqtga.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1717811209.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqoffscreen.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1697162545.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5QmlModels.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1698779964.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5Svg.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716149815.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqsvgicon.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1717487712.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqminimal.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716881703.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqtiff.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1703251838.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1703251838.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibEGL.dll. vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1700665862.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1694135917.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5Gui.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1716045574.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqtuiotouchplugin.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000000.00000003.1693378373.00000185493A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5DBus.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exeBinary or memory string: OriginalFilename vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2449110450.00007FFE11EB3000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2435485084.0000023019C10000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2442949176.00007FFDFA8E4000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2440385815.00007FFDF9969000.00000002.00000001.01000000.0000001D.sdmpBinary or memory string: OriginalFilenameQt5Gui.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2449457309.00007FFE126D2000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2447789350.00007FFE0139F000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilenamemsvcp140.dllT vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2447450999.00007FFE00820000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: OriginalFilenamelibsslH vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2449876909.00007FFE13306000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenamemsvcp140_1.dllT vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2443807074.00007FFDFAE50000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilenameQt5Core.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2440941632.00007FFDF9EB3000.00000002.00000001.01000000.0000001E.sdmpBinary or memory string: OriginalFilenameQt5Widgets.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2448056430.00007FFE0E152000.00000002.00000001.01000000.00000021.sdmpBinary or memory string: OriginalFilenameqwindowsvistastyle.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2447184581.00007FFDFBACC000.00000002.00000001.01000000.0000001A.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2449223624.00007FFE11EDE000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2448994037.00007FFE11BB6000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2448805983.00007FFE11523000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2449566488.00007FFE126FA000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2449336163.00007FFE120CD000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2449671760.00007FFE12E16000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2446457446.00007FFDFB780000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython313.dll. vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2446851184.00007FFDFBA0B000.00000002.00000001.01000000.00000020.sdmpBinary or memory string: OriginalFilenameqwindows.dll( vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2448454415.00007FFE0EB6A000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs y3x8pjQ1Ci.exe
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2449774440.00007FFE130C9000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs y3x8pjQ1Ci.exe
Source: Qt5Core.dll.0.dr Static PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: classification engine Classification label: mal52.spyw.evad.winEXE@13/142@1/1
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7628:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7460:120:WilError_03
Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7356
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882
Source: y3x8pjQ1Ci.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File read: C:\Users\user\Desktop\y3x8pjQ1Ci.exe
Source: unknown Process created: C:\Users\user\Desktop\y3x8pjQ1Ci.exe "C:\Users\user\Desktop\y3x8pjQ1Ci.exe"
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Process created: C:\Users\user\Desktop\y3x8pjQ1Ci.exe "C:\Users\user\Desktop\y3x8pjQ1Ci.exe"
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Process created: C:\Windows\System32\systeminfo.exe systeminfo
Source: C:\Windows\System32\systeminfo.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\systeminfo.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7356 -s 940
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeProcess created: C:\Users\user\Desktop\y3x8pjQ1Ci.exe "C:\Users\user\Desktop\y3x8pjQ1Ci.exe"Jump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfoJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturerJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: libffi-8.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: qt5core.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: msvcp140.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: msvcp140_1.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: libssl-3.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: pdh.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: qt5widgets.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: qt5gui.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: d3d9.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: ncobjapi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: esscli.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: y3x8pjQ1Ci.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: y3x8pjQ1Ci.exe Static file information: File size 38750516 > 1048576
Source: y3x8pjQ1Ci.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: y3x8pjQ1Ci.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: y3x8pjQ1Ci.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: y3x8pjQ1Ci.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: y3x8pjQ1Ci.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: y3x8pjQ1Ci.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: y3x8pjQ1Ci.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\qt\work\qt\qtwebglplugin\plugins\platforms\qwebgl.pdb source: qwebgl.dll.0.dr
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: y3x8pjQ1Ci.exe, 00000000.00000003.1716691787.00000185493A3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: y3x8pjQ1Ci.exe, 00000000.00000003.1716149815.00000185493A3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: y3x8pjQ1Ci.exe, 00000000.00000003.1716045574.00000185493A3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2447667246.00007FFE01365000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: y3x8pjQ1Ci.exe, 00000000.00000003.1716409123.00000185493A3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: y3x8pjQ1Ci.exe, 00000001.00000002.2442629908.00007FFDFA7A2000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: y3x8pjQ1Ci.exe, 00000001.00000002.2449523439.00007FFE126F4000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: y3x8pjQ1Ci.exe, 00000000.00000003.1700665862.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2449732576.00007FFE130C5000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb%% source: y3x8pjQ1Ci.exe, 00000001.00000002.2447961993.00007FFE0E147000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2447961993.00007FFE0E147000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2449177275.00007FFE11ED3000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: qwebp.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2449293456.00007FFE120C6000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbT source: y3x8pjQ1Ci.exe, 00000001.00000002.2443277853.00007FFDFAD76000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2439899341.00007FFDF96EA000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2448743363.00007FFE1151B000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2449405394.00007FFE126CD000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2449066366.00007FFE11EA9000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python313.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2445261952.00007FFDFB548000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: y3x8pjQ1Ci.exe, 00000000.00000003.1700541570.00000185493A3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbBB source: y3x8pjQ1Ci.exe, 00000000.00000003.1716881703.00000185493A3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platformthemes\qxdgdesktopportal.pdb source: y3x8pjQ1Ci.exe, 00000000.00000003.1718905512.00000185493A3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2446970355.00007FFDFBAC7000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: y3x8pjQ1Ci.exe, 00000000.00000003.1691461720.00000185493A3000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2449836518.00007FFE13303000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: y3x8pjQ1Ci.exe, 00000001.00000002.2442629908.00007FFDFA83A000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: y3x8pjQ1Ci.exe, 00000001.00000002.2447359630.00007FFE007E5000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2443277853.00007FFDFAD76000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: y3x8pjQ1Ci.exe, 00000000.00000003.1716881703.00000185493A3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: y3x8pjQ1Ci.exe, 00000000.00000003.1716231672.00000185493A3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: y3x8pjQ1Ci.exe, 00000000.00000003.1716778068.00000185493A3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2449523439.00007FFE126F4000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2442629908.00007FFDFA83A000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: y3x8pjQ1Ci.exe, 00000000.00000003.1716324369.00000185493A3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2449630143.00007FFE12E13000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: y3x8pjQ1Ci.exe, 00000001.00000002.2448743363.00007FFE1151B000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtwebglplugin\plugins\platforms\qwebgl.pdb11 source: qwebgl.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2448951805.00007FFE11BB3000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2440704865.00007FFDF9CEA000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2446652060.00007FFDFB9A4000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: y3x8pjQ1Ci.exe, 00000000.00000003.1717056916.00000185493A3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2435485084.0000023019C10000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: y3x8pjQ1Ci.exe, 00000000.00000003.1703251838.00000185493A3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2447359630.00007FFE007E5000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: y3x8pjQ1Ci.exe, 00000001.00000002.2448363907.00007FFE0EB4E000.00000002.00000001.01000000.00000013.sdmp
Source: y3x8pjQ1Ci.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: y3x8pjQ1Ci.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: y3x8pjQ1Ci.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: y3x8pjQ1Ci.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: y3x8pjQ1Ci.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140.dll.0.dr Static PE information: 0x78BDDED1 [Sat Mar 11 17:01:05 2034 UTC]
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: fothk
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
Source: VCRUNTIME140.dll0.0.dr Static PE information: section name: _RDATA
Source: opengl32sw.dll.0.dr Static PE information: section name: _RDATA
Source: qtuiotouchplugin.dll.0.dr Static PE information: section name: .qtmetad
Source: qsvgicon.dll.0.dr Static PE information: section name: .qtmetad
Source: MSVCP140.dll.0.dr Static PE information: section name: .didat
Source: Qt5Core.dll.0.dr Static PE information: section name: .qtmimed
Source: libcrypto-3.dll.0.dr Static PE information: section name: .00cfg
Source: qgif.dll.0.dr Static PE information: section name: .qtmetad
Source: qicns.dll.0.dr Static PE information: section name: .qtmetad
Source: qico.dll.0.dr Static PE information: section name: .qtmetad
Source: qjpeg.dll.0.dr Static PE information: section name: .qtmetad
Source: qsvg.dll.0.dr Static PE information: section name: .qtmetad
Source: qtga.dll.0.dr Static PE information: section name: .qtmetad
Source: qtiff.dll.0.dr Static PE information: section name: .qtmetad
Source: qwbmp.dll.0.dr Static PE information: section name: .qtmetad
Source: qwebp.dll.0.dr Static PE information: section name: .qtmetad
Source: qminimal.dll.0.dr Static PE information: section name: .qtmetad
Source: libssl-3.dll.0.dr Static PE information: section name: .00cfg
Source: python313.dll.0.dr Static PE information: section name: PyRuntim
Source: qoffscreen.dll.0.dr Static PE information: section name: .qtmetad
Source: qwebgl.dll.0.dr Static PE information: section name: .qtmetad
Source: qwindows.dll.0.dr Static PE information: section name: .qtmetad
Source: qxdgdesktopportal.dll.0.dr Static PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.0.dr Static PE information: section name: .qtmetad
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\libssl-3.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\QtCore.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5WebSockets.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\VCRUNTIME140_1.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\opengl32sw.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Qml.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Core.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\libGLESv2.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\charset_normalizer\md__mypyc.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qwbmp.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\_queue.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Gui.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\_socket.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\sip.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5DBus.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qtiff.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\_ctypes.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Svg.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\_wmi.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\charset_normalizer\md.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qwebp.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Quick.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Network.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\psutil\_psutil_windows.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\unicodedata.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms\qwebgl.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qjpeg.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\python3.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\_ssl.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\_decimal.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qsvg.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qtga.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\libffi-8.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms\qminimal.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms\qoffscreen.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qgif.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\_hashlib.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5QmlModels.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\iconengines\qsvgicon.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms\qwindows.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\python313.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\_lzma.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\_bz2.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\select.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Widgets.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qico.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\libcrypto-3.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140_1.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\VCRUNTIME140_1.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\libEGL.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\QtWidgets.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qicns.dll
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\QtGui.pyd
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Code function: 0_2_00007FF769D876C0 GetProcAddress,GetLastError (the GetProcAddress,GetLastError pair repeats many times)
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\systeminfo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\QtCore.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5WebSockets.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\opengl32sw.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Qml.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\charset_normalizer\md__mypyc.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qwbmp.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\sip.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5DBus.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qtiff.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Svg.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\charset_normalizer\md.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qwebp.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Quick.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Network.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms\qwebgl.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qjpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qsvg.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qtga.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms\qminimal.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms\qoffscreen.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qgif.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5QmlModels.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\iconengines\qsvgicon.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms\qwindows.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\python313.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\select.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qico.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\QtWidgets.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qicns.dllJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\QtGui.pydJump to dropped file
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-18259
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeAPI coverage: 1.8 %
Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer FROM Win32_ComputerSystem
Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeCode function: 0_2_00007FF769D89280 FindFirstFileExW,FindClose,0_2_00007FF769D89280
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeCode function: 0_2_00007FF769D883C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF769D883C0
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeCode function: 0_2_00007FF769DA1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF769DA1874
Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Jump to behavior
Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI72882\Jump to behavior
Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\Jump to behavior
Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\Jump to behavior
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2436181228.000002301A500000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: fQEMU
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1748458294.000002301A375000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWR
Source: y3x8pjQ1Ci.exe, 00000001.00000003.1749656534.000002301A6C9000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1748848293.000002301A6C9000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A6C9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: y3x8pjQ1Ci.exe, 00000001.00000002.2440187517.00007FFDF9958000.00000008.00000001.01000000.0000001D.sdmpBinary or memory string: .?AVQEmulationPaintEngine@@
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeCode function: 0_2_00007FF769D8D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF769D8D12C
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeCode function: 0_2_00007FF769DA3480 GetProcessHeap,0_2_00007FF769DA3480
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeCode function: 0_2_00007FF769D8D30C SetUnhandledExceptionFilter,0_2_00007FF769D8D30C
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeCode function: 0_2_00007FF769D9A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF769D9A614
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeCode function: 0_2_00007FF769D8C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF769D8C8A0
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeProcess created: C:\Users\user\Desktop\y3x8pjQ1Ci.exe "C:\Users\user\Desktop\y3x8pjQ1Ci.exe"Jump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfoJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturerJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeCode function: 0_2_00007FF769DA9570 cpuid 0_2_00007FF769DA9570
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\certifi VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\Desktop\y3x8pjQ1Ci.exe VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882 VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\Desktop\y3x8pjQ1Ci.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\Desktop\y3x8pjQ1Ci.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\Desktop\y3x8pjQ1Ci.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\Desktop\y3x8pjQ1Ci.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\Desktop\y3x8pjQ1Ci.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\Desktop\y3x8pjQ1Ci.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\Desktop\y3x8pjQ1Ci.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\Desktop\y3x8pjQ1Ci.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\Desktop\y3x8pjQ1Ci.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\Desktop\y3x8pjQ1Ci.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\Desktop\y3x8pjQ1Ci.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\Desktop\y3x8pjQ1Ci.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\Desktop\y3x8pjQ1Ci.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5 VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\sip.cp313-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\charset_normalizer\md__mypyc.cp313-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\certifi VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\psutil VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\psutil\_psutil_windows.pyd VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\QtWidgets.pyd VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\QtGui.pyd VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms\qminimal.dll VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms\qoffscreen.dll VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms\qwebgl.dll VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms\qwindows.dll VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll VolumeInformation
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Code function: 0_2_00007FF769D8D010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF769D8D010
Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe Code function: 0_2_00007FF769DA5C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF769DA5C00

Stealing of Sensitive Information

Source: C:\Users\user\Desktop\y3x8pjQ1Ci.exe File opened: \\Mac\shared\projects\loader\src\dropper\src\tmp\_main.py
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 131 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 12 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Network Share Discovery | Remote Services | 1 Archive Collected Data | 12 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 2 System Time Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 141 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 12 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 44 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph ID: 1572119 Sample: y3x8pjQ1Ci.exe Startdate: 10/12/2024 Architecture: WINDOWS Score: 52

  • DNS/IP: nodejs.org
  • Signature: AI detected suspicious sample
  • Process: y3x8pjQ1Ci.exe 153 (started)
      • Dropped file: C:\Users\user\AppData\...\unicodedata.pyd, PE32+
      • Dropped file: C:\Users\user\AppData\Local\...\select.pyd, PE32+
      • Dropped file: C:\Users\user\AppData\Local\...\python313.dll, PE32+
      • Dropped files: 57 other files (none is malicious)
      • Process: y3x8pjQ1Ci.exe (started)
          • DNS/IP: nodejs.org 104.20.22.46, 443, 49732 CLOUDFLARENETUS United States
          • Signature: Opens network shares
          • Process: systeminfo.exe 2 1 (started)
              • Signature: Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
              • Process: conhost.exe (started)
              • Process: WmiPrvSE.exe (started)
          • Process: cmd.exe 1 (started)
              • Process: WMIC.exe 1 (started)
              • Process: conhost.exe (started)
          • Process: WerFault.exe 19 16 (started)

Source | Detection | Scanner | Label | Link
y3x8pjQ1Ci.exe | 0% | ReversingLabs | |
y3x8pjQ1Ci.exe | 4% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140_1.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Core.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Core.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5DBus.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Gui.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Network.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Qml.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5QmlModels.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Quick.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Svg.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5WebSockets.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\Qt5Widgets.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\VCRUNTIME140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\VCRUNTIME140_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\d3dcompiler_47.dll | 3% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\libEGL.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\libGLESv2.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\opengl32sw.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\iconengines\qsvgicon.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qgif.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qicns.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qico.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qjpeg.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qsvg.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qtga.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qtiff.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qwbmp.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\imageformats\qwebp.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms\qminimal.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms\qoffscreen.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms\qwebgl.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platforms\qwindows.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\QtCore.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\QtGui.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\QtWidgets.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\sip.cp313-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI72882\VCRUNTIME140.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.color.org) | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
nodejs.org | 104.20.22.46 | true | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                      high
                                                                                                                                                      http://repository.swisssign.com/y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A93F000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2435922846.000002301A200000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A8F5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A8F5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A93F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://crl.xrampsecurity.com/XGCA.crly3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A6C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://github.com/urllib3/urllib3/issues/2920py3x8pjQ1Ci.exe, 00000001.00000002.2437250545.000002301AC00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://www.python.orgy3x8pjQ1Ci.exe, 00000001.00000002.2435922846.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1749828605.000002301A2F4000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A2DE000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1748458294.000002301A2F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/y3x8pjQ1Ci.exe, 00000001.00000003.1752326126.000002301A820000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://www.rfc-editor.org/rfc/rfc825Uy3x8pjQ1Ci.exe, 00000001.00000003.1752326126.000002301A820000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://www.accv.es/legislacion_c.htm0Uy3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A93F000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A93F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://www.aiim.org/pdfa/ns/id/y3x8pjQ1Ci.exe, 00000001.00000002.2439899341.00007FFDF96EA000.00000002.00000001.01000000.0000001D.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://ocsp.accv.es0y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A93F000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A93F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://www.python.org/y3x8pjQ1Ci.exe, 00000001.00000003.1750983301.000002301A8E5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751549369.000002301A8FF000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A8F5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A8F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://json.orgy3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1752326126.000002301A820000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A265000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://requests.readthedocs.ioey3x8pjQ1Ci.exe, 00000001.00000002.2437461046.000002301AEA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://docs.python.org/3/howto/mro.html.y3x8pjQ1Ci.exe, 00000001.00000002.2435843995.000002301A100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_packagey3x8pjQ1Ci.exe, 00000001.00000002.2435551587.0000023019CC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://twitter.com/y3x8pjQ1Ci.exe, 00000001.00000002.2435922846.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1752326126.000002301A820000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://stackoverflow.com/questions/4457745#4457745.y3x8pjQ1Ci.exe, 00000001.00000002.2438479060.000002301B754000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://www.quovadisglobal.com/cpsy3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_moduley3x8pjQ1Ci.exe, 00000001.00000002.2435551587.0000023019D44000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://google.com/y3x8pjQ1Ci.exe, 00000001.00000002.2435922846.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A27E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1752326126.000002301A820000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1751618624.000002301A2DE000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://google.com/mail/y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A6C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://google.com/mail/y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A60E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1752326126.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://github.com/urllib3/urllib3/issues/3290y3x8pjQ1Ci.exe, 00000001.00000002.2437250545.000002301AC00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://www.openssl.org/Hy3x8pjQ1Ci.exe, 00000001.00000002.2442949176.00007FFDFA8E4000.00000002.00000001.01000000.00000014.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2447450999.00007FFE00820000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://crl.certigna.fr/certignarootca.crl01y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A9B4000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A93F000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A9B4000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1775778311.000002301A9AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://qt.io/qtbase_cs.qm.0.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://www.cert.fnmt.es/dpcs/0y3x8pjQ1Ci.exe, 00000001.00000002.2436262953.000002301A60E000.00000004.00000020.00020000.00000000.sdmp, y3x8pjQ1Ci.exe, 00000001.00000003.1776076918.000002301A7D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                                          • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
104.20.22.46 | nodejs.org | United States | 13335 | CLOUDFLARENETUS | false
                                                                                                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                          Analysis ID:1572119
                                                                                                                                                                                                          Start date and time:2024-12-10 06:52:41 +01:00
                                                                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                                                                          Overall analysis duration:0h 9m 49s
                                                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                                                          Report type:full
                                                                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                          Run name:Run with higher sleep bypass
                                                                                                                                                                                                          Number of analysed new started processes analysed:15
                                                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                                                                          Technologies:
                                                                                                                                                                                                          • HCA enabled
                                                                                                                                                                                                          • EGA enabled
                                                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                                                          Sample name:y3x8pjQ1Ci.exe
                                                                                                                                                                                                          renamed because original name is a hash value
                                                                                                                                                                                                          Original Sample Name:49212837ba25c47f2e11e30a5de4b52c07bb6f6972b339705fbc3502af1eb880.exe
                                                                                                                                                                                                          Detection:MAL
                                                                                                                                                                                                          Classification:mal52.spyw.evad.winEXE@13/142@1/1
                                                                                                                                                                                                          EGA Information:
                                                                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                                                                          HCA Information:Failed
                                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                                                                          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                                          • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 20.189.173.21, 172.202.163.200, 20.190.147.10, 13.107.246.63
                                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                          No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
--- | --- | --- | --- | ---
104.20.22.46 | download.ps1 | malicious | Unknown |
104.20.22.46 | download.ps1 | malicious | Unknown |
104.20.22.46 | download.ps1 | malicious | Unknown |
104.20.22.46 | check.exe | malicious | Unknown |
104.20.22.46 | sDKRz09zM7.exe | malicious | AsyncRAT, XWorm |
104.20.22.46 | kwlYObMOSn.exe | malicious | XWorm |
104.20.22.46 | 8Hd0ZExgJz.exe | malicious | Blank Grabber, Umbral Stealer, XWorm |
104.20.22.46 | IM3OLcx7li.exe | malicious | XWorm |
104.20.22.46 | cgqdM4IA7C.exe | malicious | XWorm |
104.20.22.46 | hKWBNgRd7p.exe | malicious | XWorm |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
--- | --- | --- | --- | ---
nodejs.org | download.ps1 | malicious | Unknown | 104.20.22.46
nodejs.org | download.ps1 | malicious | Unknown | 104.20.22.46
nodejs.org | download.ps1 | malicious | Unknown | 104.20.22.46
nodejs.org | download.ps1 | malicious | Unknown | 104.20.23.46
nodejs.org | check.exe | malicious | Unknown | 104.20.23.46
nodejs.org | check.exe | malicious | Unknown | 104.20.22.46
nodejs.org | az10.exe | malicious | Unknown | 104.20.23.46
nodejs.org | sDKRz09zM7.exe | malicious | AsyncRAT, XWorm | 104.20.22.46
nodejs.org | kwlYObMOSn.exe | malicious | XWorm | 104.20.22.46
                                                                                                                                                                                                                              No context
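Match | Associated Sample Name / URL | Detection | Threat Name | Context
--- | --- | --- | --- | ---
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140_1.dll | download.ps1 | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140_1.dll | download.ps1 | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140_1.dll | download.ps1 | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140_1.dll | download.ps1 | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140_1.dll | check.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140_1.dll | check.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140_1.dll | az10.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140_1.dll | Update_4112024.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140_1.dll | Update_4112024.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140.dll | download.ps1 | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140.dll | download.ps1 | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140.dll | download.ps1 | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140.dll | download.ps1 | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140.dll | check.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140.dll | check.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140.dll | az10.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140.dll | Update_4112024.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\_MEI72882\PyQt5\Qt5\bin\MSVCP140.dll | Update_4112024.exe | malicious | Unknown |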
                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                                                                  Entropy (8bit):1.3555870217488
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:YP5jL0MoeUjoR7DMBQnWQwXiSLB4FXV8QFLiRNQ7DwaX4M/UzIV8Iv1SnYzuiFJo:i5jYMoeUjcPwaI4RzuiFJY4lO8Y
                                                                                                                                                                                                                                                                  MD5:B6B6F9AE70CA3ACC1215AA0867FDAEAB
                                                                                                                                                                                                                                                                  SHA1:FA1C457EE76B7D9AC6BFF7D69E9E5C5E6B84145E
                                                                                                                                                                                                                                                                  SHA-256:9688F91B0B5F84740E2866CFE6BD3036C59AFE5A186300E4228973B7B0CE222C
                                                                                                                                                                                                                                                                  SHA-512:370F4E6A2383E49EFF8DA30E1A917A7EDCD804B95C7D054F1709D67823A125FCC02CD24976D000888EB1526B2E4BC02AE150191A245FFF0B084DFD2846D73359
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Reputation:low
Preview:
Version=1
EventType=BEX64
EventTime=133782836356273952
ReportType=2
Consent=1
UploadTime=133782836361586488
ReportStatus=524384
ReportIdentifier=8cb65fcd-eff8-42cb-aeec-372fe358ba78
IntegratorReportIdentifier=dc54be8c-9ddd-444b-90d7-684c89e41e66
Wow64Host=34404
NsAppName=y3x8pjQ1Ci.exe
AppSessionGuid=00001cbc-0001-0014-c23c-6fdcc74adb01
TargetAppId=W:000649910053a809e1b10821ad743d3e7ea00000ffff!00007852397fe9e873bed9733a6fa97816fb5093edca!y3x8pjQ1Ci.exe
TargetAppVer=2024//12//07:08
                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 15 streams, Tue Dec 10 05:53:55 2024, 0x1205a4 type
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):131540
                                                                                                                                                                                                                                                                  Entropy (8bit):2.061343265981124
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:iX/NYubHklC3wdpizOEp4tEWzR8SBCiAVuY1yWlTqFBw2d3:iXlYubkStHp4tEELQiAFyWlWnl3
                                                                                                                                                                                                                                                                  MD5:7F44A9B4769567DA1F532CD43B019F75
                                                                                                                                                                                                                                                                  SHA1:866B9E312683BBA25EDCD95057FF113EA3EB50CF
                                                                                                                                                                                                                                                                  SHA-256:5CCED67037BBAF2CA8268FCE6BD5AE288BF3B7F9E3AA09AD41F17568FED11C21
                                                                                                                                                                                                                                                                  SHA-512:44B2B4C03109883D26BA732A76E0F4CF50A0DF3994104AE76ADEBBF5D3A0ED509DC5B2F372A6233740109A5816BB577E9B6F9ED7603369671F2C7517AD1A330B
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):9640
                                                                                                                                                                                                                                                                  Entropy (8bit):3.711051433692319
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJEIW86Yu7dj4gmfdtpDD89b3ZufGMdm:R6lXJrt6YSdj4gmfds3gfGr
                                                                                                                                                                                                                                                                  MD5:3E15FDEA38AA313DD3BE6EF60457C9E1
                                                                                                                                                                                                                                                                  SHA1:95258469D5335112509C3DAF69BAECD5E105FB55
                                                                                                                                                                                                                                                                  SHA-256:EF3E5204384BC17EAA472581D2D5CD509804534CD4F0F3053FF7BE1361AD28E1
                                                                                                                                                                                                                                                                  SHA-512:83E7FA6F750A83EFD6C9C80EC3A0A6EBF4821B12E39628BD0B635C5192081020B796F5D6F4E50B4451800CAF1F434A32AFFDDA3FB797B2503314B7D9CF52EB43
                                                                                                                                                                                                                                                                  Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>7356</Pi
                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):4760
                                                                                                                                                                                                                                                                  Entropy (8bit):4.453986247034652
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsKJg771I9XZD/SWpW8VYTYm8M4JCWDFkZmyq8vxWKQE8BVd:uIjfYI7O7z7VzJz+cWIKUBVd
                                                                                                                                                                                                                                                                  MD5:AC0B494892B5763958D3338F85CE725F
                                                                                                                                                                                                                                                                  SHA1:F71C5C3B003081C8F469DB8FE498BF8BAECA340B
                                                                                                                                                                                                                                                                  SHA-256:91132BB21440B9C7260C96341829C650885AB6D80E6BF5861426552B4F304931
                                                                                                                                                                                                                                                                  SHA-512:796ECD1A41B0399BE84F43019B4B2FACF325D03F562A47ED7482CA9EF326B619546D8ABBBB5E267E2E6E856761C8F19905C5DD77B2353E7B2FF5C17ABADE811E
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="624776" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):590112
                                                                                                                                                                                                                                                                  Entropy (8bit):6.461874649448891
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:12288:xI88L4Wu4+oJ+xc39ax5Ms4ETs3rxSvYcRkdQEKZm+jWodEEVh51:xD89rxZfQEKZm+jWodEEP5
                                                                                                                                                                                                                                                                  MD5:01B946A2EDC5CC166DE018DBB754B69C
                                                                                                                                                                                                                                                                  SHA1:DBE09B7B9AB2D1A61EF63395111D2EB9B04F0A46
                                                                                                                                                                                                                                                                  SHA-256:88F55D86B50B0A7E55E71AD2D8F7552146BA26E927230DAF2E26AD3A971973C5
                                                                                                                                                                                                                                                                  SHA-512:65DC3F32FAF30E62DFDECB72775DF870AF4C3A32A0BF576ED1AAAE4B16AC6897B62B19E01DC2BF46F46FBE3F475C061F79CBE987EDA583FEE1817070779860E5
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                                  • Filename: download.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: download.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: download.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: download.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: check.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: check.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: az10.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: Update_4112024.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: Update_4112024.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):31728
                                                                                                                                                                                                                                                                  Entropy (8bit):6.499754548353504
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:rOY/H1SbuIqnX8ndnWc95gW3C8c+pBj0HRN7bULkcyHRN7rxTO6iuQl9xiv:yYIBqnMdxxWd4urv
                                                                                                                                                                                                                                                                  MD5:0FE6D52EB94C848FE258DC0EC9FF4C11
                                                                                                                                                                                                                                                                  SHA1:95CC74C64AB80785F3893D61A73B8A958D24DA29
                                                                                                                                                                                                                                                                  SHA-256:446C48C1224C289BD3080087FE15D6759416D64F4136ADDF30086ABD5415D83F
                                                                                                                                                                                                                                                                  SHA-512:C39A134210E314627B0F2072F4FFC9B2CE060D44D3365D11D8C1FE908B3B9403EBDD6F33E67D556BD052338D0ED3D5F16B54D628E8290FD3A155F55D36019A86
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                                  • Filename: download.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: download.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: download.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: download.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: check.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: check.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: az10.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: Update_4112024.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: Update_4112024.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):6023664
                                                                                                                                                                                                                                                                  Entropy (8bit):6.768988071491288
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:98304:hcirJylHYab/6bMJsv6tWKFdu9CLiZxqfg8gwf:+irJylHFb/QMJsv6tWKFdu9CL4xqfg8x
                                                                                                                                                                                                                                                                  MD5:817520432A42EFA345B2D97F5C24510E
                                                                                                                                                                                                                                                                  SHA1:FEA7B9C61569D7E76AF5EFFD726B7FF6147961E5
                                                                                                                                                                                                                                                                  SHA-256:8D2FF4CE9096DDCCC4F4CD62C2E41FC854CFD1B0D6E8D296645A7F5FD4AE565A
                                                                                                                                                                                                                                                                  SHA-512:8673B26EC5421FCE8E23ADF720DE5690673BB4CE6116CB44EBCC61BBBEF12C0AD286DFD675EDBED5D8D000EFD7609C81AAE4533180CF4EC9CD5316E7028F7441
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):436720
                                                                                                                                                                                                                                                                  Entropy (8bit):6.392610185061176
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):7008240
                                                                                                                                                                                                                                                                  Entropy (8bit):6.674290383197779
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):1340400
                                                                                                                                                                                                                                                                  Entropy (8bit):6.41486755163134
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):3591664
                                                                                                                                                                                                                                                                  Entropy (8bit):6.333693598000157
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):438768
                                                                                                                                                                                                                                                                  Entropy (8bit):6.312090336793804
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):4148720
                                                                                                                                                                                                                                                                  Entropy (8bit):6.462183686222023
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):330736
                                                                                                                                                                                                                                                                  Entropy (8bit):6.381828869454302
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:6144:6qLZcTC3wR/0JNZ+csBkBv0L0hq+SvcO8MsvwbIeblsjTR:6qNcCwqHE2fYlsPR
                                                                                                                                                                                                                                                                  MD5:03761F923E52A7269A6E3A7452F6BE93
                                                                                                                                                                                                                                                                  SHA1:2CE53C424336BCC8047E10FA79CE9BCE14059C50
                                                                                                                                                                                                                                                                  SHA-256:7348CFC6444438B8845FB3F59381227325D40CA2187D463E82FC7B8E93E38DB5
                                                                                                                                                                                                                                                                  SHA-512:DE0FF8EBFFC62AF279E239722E6EEDD0B46BC213E21D0A687572BFB92AE1A1E4219322233224CA8B7211FFEF52D26CB9FE171D175D2390E3B3E6710BBDA010CB
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):149488
                                                                                                                                                                                                                                                                  Entropy (8bit):6.116105454277536
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:4sSkET6pEXb3loojg1Q2sorWvZXF2sorrLA7cG27Qhvvc:4sSd6pwzloDbsnX0sCrc7ct7QVc
                                                                                                                                                                                                                                                                  MD5:A016545F963548E0F37885E07EF945C7
                                                                                                                                                                                                                                                                  SHA1:CBE499E53AB0BD2DA21018F4E2092E33560C846F
                                                                                                                                                                                                                                                                  SHA-256:6B56F77DA6F17880A42D2F9D2EC8B426248F7AB2196A0F55D37ADE39E3878BC6
                                                                                                                                                                                                                                                                  SHA-512:47A3C965593B97392F8995C7B80394E5368D735D4C77F610AFD61367FFE7658A0E83A0DBD19962C4FA864D94F245A9185A915010AFA23467F999C833982654C2
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):5498352
                                                                                                                                                                                                                                                                  Entropy (8bit):6.619117060971844
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:49152:KO+LIFYAPZtMym9RRQ7/KKIXSewIa/2Xqq1sfeOoKGOh6EwNmiHYYwBrK8KMlH0p:IGoKZdRqJD10rK8KMlH0gi5GX0oKZ
                                                                                                                                                                                                                                                                  MD5:4CD1F8FDCD617932DB131C3688845EA8
                                                                                                                                                                                                                                                                  SHA1:B090ED884B07D2D98747141AEFD25590B8B254F9
                                                                                                                                                                                                                                                                  SHA-256:3788C669D4B645E5A576DE9FC77FCA776BF516D43C89143DC2CA28291BA14358
                                                                                                                                                                                                                                                                  SHA-512:7D47D2661BF8FAC937F0D168036652B7CFE0D749B571D9773A5446C512C58EE6BB081FEC817181A90F4543EBC2367C7F8881FF7F80908AA48A7F6BB261F1D199
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):101872
                                                                                                                                                                                                                                                                  Entropy (8bit):6.5661918084228725
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:RCKWZGuEK0mOLSTxoPl9GIcuZrxi4hXX9oix8H+NCIecbGShwZul:RFWY1WxgGStJ8H2CIecbG36
                                                                                                                                                                                                                                                                  MD5:971DBBE854FC6AB78C095607DFAD7B5C
                                                                                                                                                                                                                                                                  SHA1:1731FB947CD85F9017A95FDA1DC5E3B0F6B42CA2
                                                                                                                                                                                                                                                                  SHA-256:5E197A086B6A7711BAA09AFE4EA7C68F0E777B2FF33F1DF25A21F375B7D9693A
                                                                                                                                                                                                                                                                  SHA-512:B966AAB9C0D9459FADA3E5E96998292D6874A7078924EA2C171F0A1A50B0784C24CC408D00852BEC48D6A01E67E41D017684631176D3E90151EC692161F1814D
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):44528
                                                                                                                                                                                                                                                                  Entropy (8bit):6.627837381503075
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:Aim/NRETi8kykt25HwviU5fJUiP2551xWmbTqOA7SXf+Ny85xM8ATJWr3KWoC8cS:0Ie8kySL2iPQxdvjAevcMESW5lxJG
                                                                                                                                                                                                                                                                  MD5:6BC084255A5E9EB8DF2BCD75B4CD0777
                                                                                                                                                                                                                                                                  SHA1:CF071AD4E512CD934028F005CABE06384A3954B6
                                                                                                                                                                                                                                                                  SHA-256:1F0F5F2CE671E0F68CF96176721DF0E5E6F527C8CA9CFA98AA875B5A3816D460
                                                                                                                                                                                                                                                                  SHA-512:B822538494D13BDA947655AF791FED4DAA811F20C4B63A45246C8F3BEFA3EC37FF1AA79246C89174FE35D76FFB636FA228AFA4BDA0BD6D2C41D01228B151FD89
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):4173928
                                                                                                                                                                                                                                                                  Entropy (8bit):6.329102290474506
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:49152:8BfmqCtLI4erBYysLjG/A8McPyCD6hw16JVTW7B3EgvVlQ3LAYmyNOvGJse+aWyb:8eZevVKACOvWYQF
                                                                                                                                                                                                                                                                  MD5:B0AE3AA9DD1EBD60BDF51CB94834CD04
                                                                                                                                                                                                                                                                  SHA1:EE2F5726AC140FB42D17ABA033D678AFAF8C39C1
                                                                                                                                                                                                                                                                  SHA-256:E994847E01A6F1E4CBDC5A864616AC262F67EE4F14DB194984661A8D927AB7F4
                                                                                                                                                                                                                                                                  SHA-512:756EBF4FA49029D4343D1BDB86EA71B2D49E20ADA6370FD7582515455635C73D37AD0DBDEEF456A10AB353A12412BA827CA4D70080743C86C3B42FA0A3152AA3
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):25072
                                                                                                                                                                                                                                                                  Entropy (8bit):5.961464514165753
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:KEyYvsyDQrjwgut4Maw+XZndDGg7Dgf2hU:RvszjwgocwOhdDGEUf2hU
                                                                                                                                                                                                                                                                  MD5:BB00EF1DD81296AF10FDFA673B4D1397
                                                                                                                                                                                                                                                                  SHA1:773FFCF4A231B963BAAC36CBEF68079C09B62837
                                                                                                                                                                                                                                                                  SHA-256:32092DE077FD57B6EF355705EC46C6D21F6D72FBE3D3A5DD628F2A29185A96FA
                                                                                                                                                                                                                                                                  SHA-512:C87C0868C04852B63A7399AFE4E568CD9A65B7B7D5FD63030ABEA649AAC5E9F2293AB5BE2B2CE56A57F2B4B1992AE730150A293ADA53637FC5CD7BE0A727CBD4
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):3385328
                                                                                                                                                                                                                                                                  Entropy (8bit):6.382356347494905
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:49152:sU0O89Onk/cNTgO/WSLqfTPnK+9eaOiY95ZEQryD1pPG3L:MaHUKt3L
                                                                                                                                                                                                                                                                  MD5:2247EE4356666335DF7D72129AF8D600
                                                                                                                                                                                                                                                                  SHA1:F0131C1A67FC17C0E8DCC4A4CA38C9F1780E7182
                                                                                                                                                                                                                                                                  SHA-256:50FAD5605B3D57627848B3B84A744DFB6A045609B8236B04124F2234676758D8
                                                                                                                                                                                                                                                                  SHA-512:67F2A7BF169C7B9A516689CF1B16446CA50E57F099B9B742CCB1ABB2DCDE8867F8F6305AD8842CD96194687FC314715AE04C1942B0E0A4F51B592B028C5B16D3
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):20923392
                                                                                                                                                                                                                                                                  Entropy (8bit):6.255903817217008
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:393216:LIckHor5uLnn83wAP5hxOZEa7/LzRuDFqILn5LgcKyZyQXt+8M:yEZbv
                                                                                                                                                                                                                                                                  MD5:7DBC97BFEE0C7AC89DA8D0C770C977B6
                                                                                                                                                                                                                                                                  SHA1:A064C8D8967AAA4ADA29BD9FEFBE40405360412C
                                                                                                                                                                                                                                                                  SHA-256:963641A718F9CAE2705D5299EAE9B7444E84E72AB3BEF96A691510DD05FA1DA4
                                                                                                                                                                                                                                                                  SHA-512:286997501E1F5CE236C041DCB1A225B4E01C0F7C523C18E9835507A15C0AC53C4D50F74F94822125A7851FE2CB2FB72F84311A2259A5A50DCE6F56BA05D1D7E8
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):68080
                                                                                                                                                                                                                                                                  Entropy (8bit):6.207162014262433
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:mQ4IT53ign4CbtlO705xWL3frA5rlhgQJ7tapgUff:mLIT53Hbtk70OLs3hg0Cz
                                                                                                                                                                                                                                                                  MD5:750A31DE7840B5EED8BA14C1BD84D348
                                                                                                                                                                                                                                                                  SHA1:D345D13B0C303B7094D1C438E49F0046791DE7F6
                                                                                                                                                                                                                                                                  SHA-256:A9BFFB0F3CD69CD775C328C916E46440FE80D99119FAEBC350C7EC51E3E57C41
                                                                                                                                                                                                                                                                  SHA-512:5C0A68ED27A9F1BBFF104942152E475C94BB64B03CE252EAAC1A6770E24DC4156CE4ADE99EBCD92662801262DED892C33F84C605AD84472B45A83C4883D5E767
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):41968
                                                                                                                                                                                                                                                                  Entropy (8bit):6.0993566622860635
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:VPs5g31JfDgej5JZmA0ZsEEC6lmn+4FdDGimUf2hr:VkC31ee7ZmA+sEEC6lmn+4FOUfc
                                                                                                                                                                                                                                                                  MD5:313F89994F3FEA8F67A48EE13359F4BA
                                                                                                                                                                                                                                                                  SHA1:8C7D4509A0CAA1164CC9415F44735B885A2F3270
                                                                                                                                                                                                                                                                  SHA-256:42DDE60BEFCF1D9F96B8366A9988626B97D7D0D829EBEA32F756D6ECD9EA99A8
                                                                                                                                                                                                                                                                  SHA-512:06E5026F5DB929F242104A503F0D501A9C1DC92973DD0E91D2DAF5B277D190082DE8D37ACE7EDF643C70AA98BB3D670DEFE04CE89B483DA4F34E629F8ED5FECF
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):39408
                                                                                                                                                                                                                                                                  Entropy (8bit):6.0316011626259405
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:ygk2hM0GskFtvPCjEIxh8eDzFyPddeeGvnhotdDGPUf2he:yN2a05kfPOEMaeDzFkddeFnhotOUfh
                                                                                                                                                                                                                                                                  MD5:52FD90E34FE8DED8E197B532BD622EF7
                                                                                                                                                                                                                                                                  SHA1:834E280E00BAE48A9E509A7DC909BEA3169BDCE2
                                                                                                                                                                                                                                                                  SHA-256:36174DD4C5F37C5F065C7A26E0AC65C4C3A41FDC0416882AF856A23A5D03BB9D
                                                                                                                                                                                                                                                                  SHA-512:EF3FB3770808B3690C11A18316B0C1C56C80198C1B1910E8AA198DF8281BA4E13DC9A6179BB93A379AD849304F6BB934F23E6BBD3D258B274CC31856DE0FC12B
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):45040
                                                                                                                                                                                                                                                                  Entropy (8bit):6.016125225197622
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:vEip0IlhxTDxut3dnm8IyAmQQ3ydJouEAkNypTAO0tfC3apmsdDG9Uf2hU:vxvXxgVIyA23ydJlEATpTAO0tfCKpms/
                                                                                                                                                                                                                                                                  MD5:AD84AF4D585643FF94BFA6DE672B3284
                                                                                                                                                                                                                                                                  SHA1:5D2DF51028FBEB7F6B52C02ADD702BC3FA781E08
                                                                                                                                                                                                                                                                  SHA-256:F4A229A082D16F80016F366156A2B951550F1E9DF6D4177323BBEDD92A429909
                                                                                                                                                                                                                                                                  SHA-512:B68D83A4A1928EB3390DEB9340CB27B8A3EB221C2E0BE86211EF318B4DD34B37531CA347C73CCE79A640C5B06FBD325E10F8C37E0CEE2581F22ABFBFF5CC0D55
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):38384
                                                                                                                                                                                                                                                                  Entropy (8bit):5.957072398645384
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:zBXBEfQiAzC9Oh5AS7a3Z5OGrTDeV9mp7nnsWdDGgYUf2hi/:8JAzuOhy3zOGrTDeV9mp7nnsWjYUfz
                                                                                                                                                                                                                                                                  MD5:A9ABD4329CA364D4F430EDDCB471BE59
                                                                                                                                                                                                                                                                  SHA1:C00A629419509929507A05AEBB706562C837E337
                                                                                                                                                                                                                                                                  SHA-256:1982A635DB9652304131C9C6FF9A693E70241600D2EF22B354962AA37997DE0B
                                                                                                                                                                                                                                                                  SHA-512:004EA8AE07C1A18B0B461A069409E4061D90401C8555DD23DBF164A08E96732F7126305134BFAF8B65B0406315F218E05B5F0F00BEDB840FB993D648CE996756
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):421360
                                                                                                                                                                                                                                                                  Entropy (8bit):5.7491063936821405
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:6144:USgOWz1eW38u9tyh6fpGUasBKTrsXWwMmH1l3JM5hn0uEfB4:USPQTnastBRB4
                                                                                                                                                                                                                                                                  MD5:16ABCCEB70BA20E73858E8F1912C05CD
                                                                                                                                                                                                                                                                  SHA1:4B3A32B166AB5BBBEE229790FDAE9CBC84F936BA
                                                                                                                                                                                                                                                                  SHA-256:FB4E980CB5FAFA8A4CD4239329AED93F7C32ED939C94B61FB2DF657F3C6AD158
                                                                                                                                                                                                                                                                  SHA-512:3E5C83967BF31C9B7F1720059DD51AA4338E518B076B0461541C781B076135E9CB9CBCEB13A8EC9217104517FBCC356BDD3FFACA7956D1C939E43988151F6273
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):32240
                                                                                                                                                                                                                                                                  Entropy (8bit):5.978149408776758
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:uOVKDlJJVlTuLiMtsKVG7TSdDG9Uf2h4e:hVgJVlTuL/tsKVG7TSQUfre
                                                                                                                                                                                                                                                                  MD5:C0DE135782FA0235A0EA8E97898EAF2A
                                                                                                                                                                                                                                                                  SHA1:FCF5FD99239BF4E0B17B128B0EBEC144C7A17DE2
                                                                                                                                                                                                                                                                  SHA-256:B3498F0A10AC4CB42CF7213DB4944A34594FF36C78C50A0F249C9085D1B1FF39
                                                                                                                                                                                                                                                                  SHA-512:7BD5F90CCAB3CF50C55EAF14F7EF21E05D3C893FA7AC9846C6CA98D6E6D177263AC5EB8A85A34501BCFCA0DA7F0B6C39769726F4090FCA2231EE64869B81CF0B
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):31728
                                                                                                                                                                                                                                                                  Entropy (8bit):5.865766652452823
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:1lGALluUEAQATWQ79Z2Y8Ar+dDG2vUf2hF:TZl/EH8WQ794Y8Ar+hvUfm
                                                                                                                                                                                                                                                                  MD5:A913276FA25D2E6FD999940454C23093
                                                                                                                                                                                                                                                                  SHA1:785B7BC7110218EC0E659C0E5ACE9520AA451615
                                                                                                                                                                                                                                                                  SHA-256:5B641DEC81AEC1CF7AC0CCE9FC067BB642FBD32DA138A36E3BDAC3BB5B36C37A
                                                                                                                                                                                                                                                                  SHA-512:CEBE48E6E6C5CDF8FC339560751813B8DE11D2471A3DAB7D648DF5B313D85735889D4E704E8EEC0AD1084AB43BE0EBDFBACD038AEAC46D7A951EFB3A7CE838EB
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):390128
                                                                                                                                                                                                                                                                  Entropy (8bit):5.724665470266677
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:6144:V0jqHiFBaRe0GPAKwP15e7xrEEEEEEN024Rx/3tkYiHUASQbs/l7OanYoOgyV:0qqwP15bx/q7/yyV
                                                                                                                                                                                                                                                                  MD5:9C0ACF12D3D25384868DCD81C787F382
                                                                                                                                                                                                                                                                  SHA1:C6E877ABA3FB3D2F21D86BE300E753E23BB0B74E
                                                                                                                                                                                                                                                                  SHA-256:825174429CED6B3DAB18115DBC6C9DA07BF5248C86EC1BD5C0DCAECA93B4C22D
                                                                                                                                                                                                                                                                  SHA-512:45594FA3C5D7C4F26325927BB8D51B0B88E162E3F5E7B7F39A5D72437606383E9FDC8F83A77F814E45AFF254914514AE52C1D840A6C7B98767F362ED3F4FC5BD
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):30192
                                                                                                                                                                                                                                                                  Entropy (8bit):5.938644231596902
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:EfEM3S46JE2X/xBZ76pC5J6GdDGZUf2h4:63S3JE2PHZ76pC5J6GEUfn
                                                                                                                                                                                                                                                                  MD5:68919381E3C64E956D05863339F5C68C
                                                                                                                                                                                                                                                                  SHA1:CE0A2AD1F1A46B61CB298CEC5AA0B25FF2C12992
                                                                                                                                                                                                                                                                  SHA-256:0F05969FB926A62A338782B32446EA3E28E4BFBFFC0DBD25ED303FAB3404ABAC
                                                                                                                                                                                                                                                                  SHA-512:6222A3818157F6BCD793291A6C0380EF8C6B93ECEA2E0C9A767D9D9163461B541AFAF8C6B21C5A020F01C95C6EE9B2B74B358BA18DA120F520E87E24B20836AA
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):510448
                                                                                                                                                                                                                                                                  Entropy (8bit):6.605517748735854
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:12288:bPTjgdqdsvh+LrLrLrL5/y4DVHAsqx3hXS+oPZQqRaYG:jT5sMLrLrLrL5q4dAsaOFo
                                                                                                                                                                                                                                                                  MD5:308E4565C3C5646F9ABD77885B07358E
                                                                                                                                                                                                                                                                  SHA1:71CB8047A9EF0CDB3EE27428726CACD063BB95B7
                                                                                                                                                                                                                                                                  SHA-256:6E37ACD0D357871F92B7FDE7206C904C734CAA02F94544DF646957DF8C4987AF
                                                                                                                                                                                                                                                                  SHA-512:FFAEECFAE097D5E9D1186522BD8D29C95CE48B87583624EB6D0D52BD19E36DB2860A557E19F0A05847458605A9A540C2A9899D53D36A6B7FD5BF0AD86AF88124
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):844784
                                                                                                                                                                                                                                                                  Entropy (8bit):6.625808732261156
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:12288:y6MhioHKQ1ra8HT+bkMY8zKI4kwU7dFOTTYfEWmTxbwTlWc:BMhioHKQp+bkjAjwGdFSZtbwBd
                                                                                                                                                                                                                                                                  MD5:2F6D88F8EC3047DEAF174002228219AB
                                                                                                                                                                                                                                                                  SHA1:EB7242BB0FE74EA78A17D39C76310A7CDD1603A8
                                                                                                                                                                                                                                                                  SHA-256:05D1E7364DD2A672DF3CA44DD6FD85BED3D3DC239DCFE29BFB464F10B4DAA628
                                                                                                                                                                                                                                                                  SHA-512:0A895BA11C81AF14B5BD1A04A450D6DCCA531063307C9EF076E9C47BD15F4438837C5D425CAEE2150F3259691F971D6EE61154748D06D29E4E77DA3110053B54
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):754672
                                                                                                                                                                                                                                                                  Entropy (8bit):6.6323155845799695
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:12288:/HpBmyVIRZ3Tck83vEgex5aebusGMIlhLfEWmpCJkl:/HpB63TckUcLaHMITAZmW
                                                                                                                                                                                                                                                                  MD5:6407499918557594916C6AB1FFEF1E99
                                                                                                                                                                                                                                                                  SHA1:5A57C6B3FFD51FC5688D5A28436AD2C2E70D3976
                                                                                                                                                                                                                                                                  SHA-256:54097626FAAE718A4BC8E436C85B4DED8F8FB7051B2B9563A29AEE4ED5C32B7B
                                                                                                                                                                                                                                                                  SHA-512:8E8ABB563A508E7E75241B9720A0E7AE9C1A59DD23788C74E4ED32A028721F56546792D6CCA326F3D6AA0A62FDEDC63BF41B8B74187215CD3B26439F40233F4D
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):482288
                                                                                                                                                                                                                                                                  Entropy (8bit):6.152380961313931
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:6144:WO/vyK+DtyaHlIMDhg5WEOvAwKB2VaaHeqRw/yVfYu4UnCA6DEjeYchcD+1Zy2:bKtHOWg5OvAwK0NYu4AShcD+1U2
                                                                                                                                                                                                                                                                  MD5:1EDCB08C16D30516483A4CBB7D81E062
                                                                                                                                                                                                                                                                  SHA1:4760915F1B90194760100304B8469A3B2E97E2BC
                                                                                                                                                                                                                                                                  SHA-256:9C3B2FA2383EEED92BB5810BDCF893AE30FA654A30B453AB2E49A95E1CCF1631
                                                                                                                                                                                                                                                                  SHA-512:0A923495210B2DC6EB1ACEDAF76D57B07D72D56108FD718BD0368D2C2E78AE7AC848B90D90C8393320A3D800A38E87796965AFD84DA8C1DF6C6B244D533F0F39
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):1477104
                                                                                                                                                                                                                                                                  Entropy (8bit):6.575113537540671
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:24576:4mCSPJrAbXEEuV9Hw2SoYFo3HdxjEgqJkLdLu5qpmZuhg/A2b:nPlIEEuV9Hw2SFFWHdWZsdmqja/A2b
                                                                                                                                                                                                                                                                  MD5:4931FCD0E86C4D4F83128DC74E01EAAD
                                                                                                                                                                                                                                                                  SHA1:AC1D0242D36896D4DDA53B95812F11692E87D8DF
                                                                                                                                                                                                                                                                  SHA-256:3333BA244C97264E3BD19DB5953EFA80A6E47AACED9D337AC3287EC718162B85
                                                                                                                                                                                                                                                                  SHA-512:0396BCCDA43856950AFE4E7B16E0F95D4D48B87473DC90CF029E6DDFD0777E1192C307CFE424EAE6FB61C1B479F0BA1EF1E4269A69C843311A37252CF817D84D
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):68592
                                                                                                                                                                                                                                                                  Entropy (8bit):6.125954940500008
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:Nt4B1RLj3S6TtH2sweUH+Hz6/4+D6VFsfvUfO:AB1RHFdoeUs6/4O6VFSZ
                                                                                                                                                                                                                                                                  MD5:F66F6E9EDA956F72E3BB113407035E61
                                                                                                                                                                                                                                                                  SHA1:97328524DA8E82F5F92878F1C0421B38ECEC1E6C
                                                                                                                                                                                                                                                                  SHA-256:E23FBC1BEC6CEEDFA9FD305606A460D9CAC5D43A66D19C0DE36E27632FDDD952
                                                                                                                                                                                                                                                                  SHA-512:7FF76E83C8D82016AB6BD349F10405F30DEEBE97E8347C6762EB71A40009F9A2978A0D8D0C054CF7A3D2D377563F6A21B97DDEFD50A9AC932D43CC124D7C4918
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):144368
                                                                                                                                                                                                                                                                  Entropy (8bit):6.294675868932723
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:rrjwZ43rCOtrBk7wcR0l7wBlaL6BtIEt51T0Nhkqg8FoQY:7hZu9R0l7wFBtIEt51T0Nuqg8JY
                                                                                                                                                                                                                                                                  MD5:53A85F51054B7D58D8AD7C36975ACB96
                                                                                                                                                                                                                                                                  SHA1:893A757CA01472A96FB913D436AA9F8CFB2A297F
                                                                                                                                                                                                                                                                  SHA-256:D9B21182952682FE7BA63AF1DF24E23ACE592C35B3F31ECEEF9F0EABEB5881B9
                                                                                                                                                                                                                                                                  SHA-512:35957964213B41F1F21B860B03458404FBF11DAF03D102FBEA8C2B2F249050CEFBB348EDC3F22D8ECC3CB8ABFDC44215C2DC9DA029B4F93A7F40197BD0C16960
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):130
                                                                                                                                                                                                                                                                  Entropy (8bit):4.024232093209084
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4C/2/vlAlHekW3/S1MUe3/CLlI+rwtbWlMrNtYs8ar/u:Cwm+/PtUePCRIRt6Ygs8y/u
                                                                                                                                                                                                                                                                  MD5:8FF05B56C0995F90A80B7064AA6E915C
                                                                                                                                                                                                                                                                  SHA1:D5AEB09AE557CEEFB758972EC4AC624CDDC9E6A7
                                                                                                                                                                                                                                                                  SHA-256:A8A1B0D6F958E7366D1C856BE61000106D3E7FC993FB931675369892B9002D0B
                                                                                                                                                                                                                                                                  SHA-512:5374E0F1D3F5A6A456B00732DE8005787B17ECEF9C8A2B2C1228966A6A8DE211700334D8FD789DAD269F52D0AEED3F5160010CA60909861E270C253B3EA881A4
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......ar....R.....q.t.b.a.s.e._.a.r.....q.t.s.c.r.i.p.t._.a.r.....q.t.m.u.l.t.i.m.e.d.i.a._.a.r..............$...*.
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):153
                                                                                                                                                                                                                                                                  Entropy (8bit):3.6813848812976975
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4C/6lLlAlHekVYtzlY1MUdI7lULlI+rwtbWlMoIFl8IPldkO4t/z:CwDC+7tJjUWhURIRt68f8oiP1z
                                                                                                                                                                                                                                                                  MD5:466EED6C184D2055488D4C5EA9AE5F20
                                                                                                                                                                                                                                                                  SHA1:8599AB9B731BFC84F6EEC7A0129F396FB8FEC4EA
                                                                                                                                                                                                                                                                  SHA-256:9E1CE4D91852352043D9191F1A992838F919CBA7E2F2D9BB1161E494E8BF5F5E
                                                                                                                                                                                                                                                                  SHA-512:D2462951EC7DCE3D0851AE9C4ED644FFE0D2A5BDD15B4AE1A4295C187B4295BC854D6A5038DAC0564D165463419D615EB6CE7A9760CEFAD71AB673FB2109C349
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......bg....v.....q.t.b.a.s.e._.b.g.....q.t.s.c.r.i.p.t._.b.g.....q.t.m.u.l.t.i.m.e.d.i.a._.b.g... .q.t.x.m.l.p.a.t.t.e.r.n.s._.b.g.......
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):153
                                                                                                                                                                                                                                                                  Entropy (8bit):3.631479835393124
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4C/NVl/lAlHekUOplY1MUce/hlAlI+rwtbWlMpOflUlIPldkOHlz:CwO4+94jUcerAIRt6a6Uloi8
                                                                                                                                                                                                                                                                  MD5:6FBA66FE449866B478A2EBA66A724A02
                                                                                                                                                                                                                                                                  SHA1:EBEF6ED8460218CE8DF735659A8CBCD693600AC6
                                                                                                                                                                                                                                                                  SHA-256:171C7424B24D8502AB53CB3784FF34D8FCFAE26557CF8AF4DFDDEC6485ACC2FE
                                                                                                                                                                                                                                                                  SHA-512:2D2438738C6D10D8A53B46DE5A94BBF993818D080F344D9F1B94FC83D60335D9A5E8EFCC297D593FFF1D427972F9F9502FC31C332CAEA579FC7A88487390457E
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......ca....v.....q.t.b.a.s.e._.c.a.....q.t.s.c.r.i.p.t._.c.a.....q.t.m.u.l.t.i.m.e.d.i.a._.c.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.a.......
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):157
                                                                                                                                                                                                                                                                  Entropy (8bit):3.7483537099309427
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4C/fVFlAlHekUsplY1MUcM/hlULlI+rwtbWlMpsfl8IPldkO1lPchn:CwY4+9ujUcMrURIRt6aE8oinh
                                                                                                                                                                                                                                                                  MD5:D033053C03C3ECFA2AA926E0E674F67F
                                                                                                                                                                                                                                                                  SHA1:B4E95F8278121E2549F8BB6B5DAF1496F1738A7D
                                                                                                                                                                                                                                                                  SHA-256:3C0CBFD19490D67D1B3B9E944C3A4D9A9E7F87D7AE35E88D5D5A0077349B5B21
                                                                                                                                                                                                                                                                  SHA-512:2C7E9E9DBE0B25FBA94A52FE4BCCB1D9FED2A7BD2877DB91F82546C3BC8606280949594227BA0FC1C74C31010E1F573B3A82852BE746EAA4F397140485789136
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......cs....v.....q.t.b.a.s.e._.c.s.....q.t.s.c.r.i.p.t._.c.s.....q.t.m.u.l.t.i.m.e.d.i.a._.c.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.s...........
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):153
                                                                                                                                                                                                                                                                  Entropy (8bit):3.6174817344122334
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4C/4Jlr/lAlHekT6hY1MUb6JAlI+rwtbWlMuel3UlIPldkOQtt:Cw7rC+3jUkAIRt6EVUloi9
                                                                                                                                                                                                                                                                  MD5:E6A683F4A0883B5B0C7D30B847EF208C
                                                                                                                                                                                                                                                                  SHA1:FF2440DBBFE04AD86C6F285426AAFD49A895B128
                                                                                                                                                                                                                                                                  SHA-256:B5036161CE808C728E5FDA985F792DB565831FD01CF00B282547790C037353A2
                                                                                                                                                                                                                                                                  SHA-512:D73B794A71DFD3A3C06BF43ED109F635B4960F9A3904FB728873AB5251BDF6A791DDFDEBA884A2703A35461E18BA902804095AC4B92A2C9361526469B6D35FFA
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......da....v.....q.t.b.a.s.e._.d.a.....q.t.s.c.r.i.p.t._.d.a.....q.t.m.u.l.t.i.m.e.d.i.a._.d.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.a.......
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):153
                                                                                                                                                                                                                                                                  Entropy (8bit):3.6174817344122334
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4C/8rJFlAlHekTul01MUbul4LlI+rwtbWlMuallyIPldkOknt:Cw/rJ4+XU5RIRt6Aaoi7t
                                                                                                                                                                                                                                                                  MD5:06168E1261BF72F49F94927723B2E1EB
                                                                                                                                                                                                                                                                  SHA1:DEAF1B53C3FEE6CB28840418D0060AFA4D59D3FC
                                                                                                                                                                                                                                                                  SHA-256:5805B8FF3747849794E2D70661D737C69C15F1AE763C38E17084B1E5A81E9153
                                                                                                                                                                                                                                                                  SHA-512:AA3915C029C74DC270514C7F50E8BEC06C825F278E0DE0477AD8ED3187700BBD7711382A6E47C3AC76AC756CEFF9FA8CDD4E9B9DAC817475BC122F78B02C7D7D
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......de....v.....q.t.b.a.s.e._.d.e.....q.t.s.c.r.i.p.t._.d.e.....q.t.m.u.l.t.i.m.e.d.i.a._.d.e... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.e.......
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                  Entropy (8bit):4.0
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4n:CwZ
                                                                                                                                                                                                                                                                  MD5:BCEBCF42735C6849BDECBB77451021DD
                                                                                                                                                                                                                                                                  SHA1:4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
                                                                                                                                                                                                                                                                  SHA-256:9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
                                                                                                                                                                                                                                                                  SHA-512:F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`...
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):153
                                                                                                                                                                                                                                                                  Entropy (8bit):3.6070658648473097
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4C/7lJFlAlHekSMthULlI+rwtbWlMvEJY1MUaEf8IPldkOzvt:CwElJ4+7MrURIRt6cujUaE8oi0F
                                                                                                                                                                                                                                                                  MD5:EE47DFADBA4414FDC051C5CFBE71DDC1
                                                                                                                                                                                                                                                                  SHA1:DE650E96A9C130D35F8A498202773EF7FC875D27
                                                                                                                                                                                                                                                                  SHA-256:E25E43F046F61022FFE871A2F73C6A12EDFC5C3EFD958C0E019A721860A053B0
                                                                                                                                                                                                                                                                  SHA-512:8C1D8901D2F66CCBF947B831858E08B703517470B2B813B241E00162A275AC9103FF5B9251AD39BD53551E0A4FB45EE74187B218A1EF7C6CF6C5FA9F9219AE04
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......es....v.....q.t.b.a.s.e._.e.s.....q.t.m.u.l.t.i.m.e.d.i.a._.e.s.....q.t.s.c.r.i.p.t._.e.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.e.s.......
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):293121
                                                                                                                                                                                                                                                                  Entropy (8bit):5.272179385890926
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:gEo2cQbzaVmvGQYkHkMRKkNeGr+0BhaRsLAChY21rpnLqL9ytnvC58gypn4l4qF:gEZbza0HjeGrxBhaCLFC
                                                                                                                                                                                                                                                                  MD5:F9C3624197ACB30A9E6CC799BB65BED6
                                                                                                                                                                                                                                                                  SHA1:D715EAE24387DE15588F68C92991A93FAFB5EEAB
                                                                                                                                                                                                                                                                  SHA-256:B292AFB0763B8C7C30A5AF7372BFC12D8A0D00BF3DD4A000715D9F576D9C1A39
                                                                                                                                                                                                                                                                  SHA-512:199C107AE7EAFCF2A5EEC149CAFEE7ED09B938E204B56AD3AAC9568D27166F61EC8E2225A11AF26F7E1F035FB5CAD98621A01E8A9942D18C273F43B90201162A
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):117
                                                                                                                                                                                                                                                                  Entropy (8bit):3.739162292019161
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4C/4HlAlHekRgOp1MUZWJKlI+rwtbWlMsIkk:Cwxe++IUocIRt6Qkk
                                                                                                                                                                                                                                                                  MD5:72882942B07B8AAC98034016E752B1A0
                                                                                                                                                                                                                                                                  SHA1:BF23B4C136B863B10E770019A2DF62FC988859DF
                                                                                                                                                                                                                                                                  SHA-256:048CA42DCE4FAF5FC21D843576E3C6FD963146ECC78554E7E5F34D07F64FB213
                                                                                                                                                                                                                                                                  SHA-512:403E7F4E9A0E44F2118804F0781A18EB1852797825498751E3AFA02D9558D90293ABDB570786CED80F7EFF800BEF6D9444A72E6A640D331DA46B2A0EA43C8E96
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......fi....R.....q.t.b.a.s.e._.f.i.....q.t.s.c.r.i.p.t._.f.i.....q.t.m.u.l.t.i.m.e.d.i.a._.f.i.......
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):153
                                                                                                                                                                                                                                                                  Entropy (8bit):3.680458675741643
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4C/FjlAlHekRL21MUZNJOLlI+rwtbWlMs9KIPldkORT:Cw3+SU0RIRt6koio
                                                                                                                                                                                                                                                                  MD5:3C45C665CFE036A7474CB4DCBB13CF40
                                                                                                                                                                                                                                                                  SHA1:62312DFF3C4CD38BAE8456C981601D0D89600F63
                                                                                                                                                                                                                                                                  SHA-256:8624033D849E670B12C9532337FCBF260F20848E044FEE7787CFE2AC92BE28DB
                                                                                                                                                                                                                                                                  SHA-512:21659AA452BC2493D915F0BE94F90CDD57759B1F1306AAA2836058D41E80DED24742EBD74E19420021514A6AB4150CA0B447574E96B9D3BF0BC5A8C78DAAF7AC
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......fr....v.....q.t.b.a.s.e._.f.r.....q.t.s.c.r.i.p.t._.f.r.....q.t.m.u.l.t.i.m.e.d.i.a._.f.r... .q.t.x.m.l.p.a.t.t.e.r.n.s._.f.r.......
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):70
                                                                                                                                                                                                                                                                  Entropy (8bit):4.463523104731333
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4C/EXlAlHekQrEuknbJB:CwjO+5JY
                                                                                                                                                                                                                                                                  MD5:A8D55457C0413893F746D40B637F9C93
                                                                                                                                                                                                                                                                  SHA1:25123615482947772176E055E4A74043B2FBCAA0
                                                                                                                                                                                                                                                                  SHA-256:49DF855A004A17950338AF3146466F6DF4D5852410BD0B58EA80E0D0203A9D24
                                                                                                                                                                                                                                                                  SHA-512:99718B948D94B292BDEDF6B247A5856BC7AC78408FCC41C980F264C2C8565125786F0289F5F993DCF11B8CDA3AFB2A1D8634B1D0BC9B34992F538F8E4086EC00
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......gd..........q.t.b.a.s.e._.g.d....................
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):323590
                                                                                                                                                                                                                                                                  Entropy (8bit):4.568068046062524
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:OYSG8zxWSDjq73Pf6FT1f4uh50QGrRfFD54YyUY0Ou4/tnra3Z0uYhB5YHfHRRn2:O39WSD3TMQGrxFD5EUVQ
                                                                                                                                                                                                                                                                  MD5:0661FFABFBC50187F3BA38876B721946
                                                                                                                                                                                                                                                                  SHA1:EB5E7205355CFC6BCB4DF27E224079842C97B296
                                                                                                                                                                                                                                                                  SHA-256:204A01AC7DEB6B5BAE193AFECBD1E50D18C73BF7D94BADEB2BBFDF6123C4ED93
                                                                                                                                                                                                                                                                  SHA-512:65AB66CC54D65E7678FA731A5C5F2CC9D6FC217B91AD47D538440811E09A23E49CD95CE62A79E3E8C275E250AC1A0B54BD289F6DD067573876DA7AFF54381D02
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):83
                                                                                                                                                                                                                                                                  Entropy (8bit):3.880645689209568
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4C/YJ/dQlHekfaB21MUXmlvt:CwT0+D/UUt
                                                                                                                                                                                                                                                                  MD5:DD5C2C6B148F2DB3E666B859776AE129
                                                                                                                                                                                                                                                                  SHA1:8368F32039CC0776A1B95C9DED5FE6C9EA0D93FD
                                                                                                                                                                                                                                                                  SHA-256:C113D14E218D5402B616DABEA27969C6F83852676468C5EF051DDDEFB3EE0235
                                                                                                                                                                                                                                                                  SHA-512:2EAE33C8707407E083F6B8B05EA2C5B987646DF1553888C16D6508C5A33B2F758DDED73323622CD50324C96F51D61B7CE822F393551A30B211ABD3CC1367249F
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......he....0.....q.t.b.a.s.e._.h.e.....q.t.s.c.r.i.p.t._.h.e.......
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):8743
                                                                                                                                                                                                                                                                  Entropy (8bit):5.189558605179696
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:YUM7gBwnG4Vxj4nyn9aAMOJckrL6esm/0sQ5HeK1nvEB:YBkKnZxkyn9aAMWPsm/0sQsGvEB
                                                                                                                                                                                                                                                                  MD5:CCD39A7C8139AD041E31B3E5D40968B4
                                                                                                                                                                                                                                                                  SHA1:5751BE96817BB6AE7C9DA9F1FBA7F42F31CFCC5D
                                                                                                                                                                                                                                                                  SHA-256:222088C9752D1CC3BAB985EF2DC77E5AE78578DCE18A61EC15B39F02E588163D
                                                                                                                                                                                                                                                                  SHA-512:9844C0EC65EE1C76DBA021EAC6D476A85E6C8F5BBAF4150C1EA80C0A95BEDE67B5E8F981360EF8599FCECDFCBCB83BC0B8AC44DDEFDCD85F914318030E346967
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):10599
                                                                                                                                                                                                                                                                  Entropy (8bit):5.192287379770591
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:jhYkcd7CYBdmfIOeX3byuJRoZXlBYnEpUYR+BJqO5X9pA2NNrxC0zwRK2nMY762A:a71DQIrLuVCnEtR+DquhN5xC0zwKPYHA
                                                                                                                                                                                                                                                                  MD5:5538049DA3A1D1D724AB6E11D2E2EDBE
                                                                                                                                                                                                                                                                  SHA1:7256BE390B88A053C0252488C443BE42F6F2D92A
                                                                                                                                                                                                                                                                  SHA-256:CBCDD1E0BBAE332D80DDB0A286056F17C824FA28D353D7FDF12FC97D9F6FE054
                                                                                                                                                                                                                                                                  SHA-512:DD98CAF3A016968EEDC9106C1839DDECC2D109E9E354708BD74B35E766C6A098C1680C0B867EAD9FCE2E2A6D683BE673B8E5DF1A1B2F1AAFDB31910FF833370F
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):7444
                                                                                                                                                                                                                                                                  Entropy (8bit):4.580794980254807
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:G8oS34B7n303D37Bn3Jso37cfp3Mg3H373R58noct36R9RFu:GQU7ETrxZvqTXLSoct36Pzu
                                                                                                                                                                                                                                                                  MD5:66722ED97BCBFD3DAE3C8264413859AB
                                                                                                                                                                                                                                                                  SHA1:400A93B213FCF9BBC9785881EA82ADB9F444CD6C
                                                                                                                                                                                                                                                                  SHA-256:ECD4283A660F2CF72849B323810D7EADD063120B6F561E05AA1243A5B280946A
                                                                                                                                                                                                                                                                  SHA-512:B898BAC9652D7532384ED5CC53FA62DB55D516421D13F815A3E6D5E80AD4C69555F1A7E6C51F8B0A234614824EEE01D6731458F90D40A585990F84A58B9ABE44
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):15297
                                                                                                                                                                                                                                                                  Entropy (8bit):4.708378368926237
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:hmv1gdEYEiNrVhTBvAn1ca1f5lwHoJr0vwuxqsP/5jxA:o1gdEvgbloCof9ixqspW
                                                                                                                                                                                                                                                                  MD5:ED228F0F60AE9AEC28AB9171D5AE9590
                                                                                                                                                                                                                                                                  SHA1:7F061CF0C699D125A5531E3480C21964452F45EA
                                                                                                                                                                                                                                                                  SHA-256:4AC56FC63E400943BAB13F1D4C418502138908E1D488C24AEE6131D3D17552AA
                                                                                                                                                                                                                                                                  SHA-512:794CC671C08BFC50980820A6389B9D0D3514619AD0A8F18EFD5554CBBF2482192DF00B9D3B05FEE45F42276E63E2375FB28E193930D426245035B4B0E3E14ED8
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):4795
                                                                                                                                                                                                                                                                  Entropy (8bit):4.530246422531362
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:96:X82wNlnKfN1LMFy7LsF3ZqBFZjWo0koBLqBXXjGL0qU7UqB7zoElmP5MUu4DZIHU:XM01f7eOnoB8X2s7Vfg5Mi4beXiOUu
                                                                                                                                                                                                                                                                  MD5:1D09BEE1FB55A173F7EB39B9A662A170
                                                                                                                                                                                                                                                                  SHA1:C77F0A148262A91679F19689E4790B754D45D5D5
                                                                                                                                                                                                                                                                  SHA-256:6BB092552A398687119F6D52145F04BF8373977446D8F00C0DCBD56B96829F0F
                                                                                                                                                                                                                                                                  SHA-512:BE5A31A6135E8DB024A8B0EB20C4D8EECBF76861F83FF83B4CA97327DB74AD94BB5D77B4E0A59A33B697C32A4EACD61B8C878951F2C545385C74D99FCE56FEE1
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):7570
                                                                                                                                                                                                                                                                  Entropy (8bit):4.550982634910665
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:96:8y/gPmmhL/7LlSivP6kBL7jb0RNUzzpld4UGG3Ik18fLP0L7fGc0OeVP8a8hiAwj:1OD7hx/Bv3oNuFX4iqgv34fZsu
                                                                                                                                                                                                                                                                  MD5:3B070D169E3381E2FB081172934AAD00
                                                                                                                                                                                                                                                                  SHA1:70886EB7EF566B296D0814BD4C2440AC176699D6
                                                                                                                                                                                                                                                                  SHA-256:9962523FBAE9F1E4C3B5C3C16860D059291CB30DC5EBE5A5EDA4C836A03FED1E
                                                                                                                                                                                                                                                                  SHA-512:271B730B5A7358E923BBBC6FA074A72DA52FA47E3B7726779EF7034200EDA09BF0E1AE4E7B11B59F76805F48DC285F6EFC245EB9C7F4A748BE82B25CEE1DDCAE
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                  Entropy (8bit):4.0
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4n:CwZ
                                                                                                                                                                                                                                                                  MD5:BCEBCF42735C6849BDECBB77451021DD
                                                                                                                                                                                                                                                                  SHA1:4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
                                                                                                                                                                                                                                                                  SHA-256:9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
                                                                                                                                                                                                                                                                  SHA-512:F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):10704
                                                                                                                                                                                                                                                                  Entropy (8bit):4.481291573289571
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:q9J9j7e4BQhD0h61nnKz+DJF/45ojDU9V1Wa/rmtIBMH:Wp64ShDnnKz+FhjQpWa/ytoMH
                                                                                                                                                                                                                                                                  MD5:9EDF433AB9EE5FC7CF7782370150B26A
                                                                                                                                                                                                                                                                  SHA1:A918AE15A0DF187C7789BE8599A80E279F039964
                                                                                                                                                                                                                                                                  SHA-256:FD16B279F8CF69077F75E94D90C9C07A2AFFF3948A579E3789F5FFB5E5F4202D
                                                                                                                                                                                                                                                                  SHA-512:88245F6FBAAF603A03D7EA2341411AE040791D47C9FF110C6D6CDD8165F0A8BA7A4A0DA5CD543BBE95A4E93FE3A81E95B3664E00C11791FBCB4923E3A80ABC60
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):10922
                                                                                                                                                                                                                                                                  Entropy (8bit):4.459946393010639
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:w4BIn67/WsmoB3r6M/eYlSbyE7DnvE7pcn9nPJZe7nOFovzcNn7Uhmio+2/p53I/:w4N19fq3n2c9Bucuhmi52/X3Qpam
                                                                                                                                                                                                                                                                  MD5:D520C7F85CC06C66715A2B6622BF0687
                                                                                                                                                                                                                                                                  SHA1:47292D068172FBC9DC0D9BE2F479E890A37CE138
                                                                                                                                                                                                                                                                  SHA-256:687E351C062F688AAFF6CF05218D6017B80B1A1B4238D1D30250A55EE41C5FED
                                                                                                                                                                                                                                                                  SHA-512:736B50BB64751B127300BCAFE88888A9D9A2081CBF934EDCFFEF6CEF0575505AFDF714273A97671ABB598AE3D23C8E55F7DCD632FB0AA219ED5F763768576E04
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):10891
                                                                                                                                                                                                                                                                  Entropy (8bit):4.5087667371046205
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:Im7gBZHx4hCTNarW6EJDvoIR765f40wqNcMi/8F/Ihon:v0fHccarW6Eh61wqNcMi/Q/won
                                                                                                                                                                                                                                                                  MD5:B62C74793741FC386332A59113E8D412
                                                                                                                                                                                                                                                                  SHA1:589CE099F2C1D92581B5CF0E17BE49A2BF0014D4
                                                                                                                                                                                                                                                                  SHA-256:7399A248609974773F60866C87B78EA7DFBC4F750313D692F7886CD763883C9F
                                                                                                                                                                                                                                                                  SHA-512:D8E1A3B3732662BA572A1387651F2625742710834BEDB41809DA47B5D23020AA1B558B64A00C10C605D1844F0544483163F4A6227CAFFA5ECDABF3BBF4E12D9B
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):10284
                                                                                                                                                                                                                                                                  Entropy (8bit):4.674501432335502
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:RNY+rCG3e7LBqYqYseBb/FEWBgSn62TdJgDO9esYGY3DtgGh621XlZ/8kWvIMK:4+rheHYYZdBb/pgSn62T/FeVD3DGGh62
                                                                                                                                                                                                                                                                  MD5:5A56E9E2ED6ECE3F249D1C2A7EB3B172
                                                                                                                                                                                                                                                                  SHA1:D6F079F40FBB813B0293C1D2210BAE7084092FEC
                                                                                                                                                                                                                                                                  SHA-256:70F33B569C2942F41C6D634EA6A61CB8D80EB2C7011BAD48EF6DBAE9677960D5
                                                                                                                                                                                                                                                                  SHA-512:28947128FC51791CFDBFD3958FAF9B33979DB52C90AE0159EDB01FE6032284EB37BC05187162983A0435560BCEA864B008F499CDB4CE662792599FE20A37972A
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):10612
                                                                                                                                                                                                                                                                  Entropy (8bit):4.458970627057882
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:nRxcfy71b+myBN16cbc+w45rtlTnzo7uHp3JQJ9cVu4BJ1G82g33vOVrNL/7nEF1:RR4R/fJn9JizTgnqrNL/b0hH2K
                                                                                                                                                                                                                                                                  MD5:3639B57B463987F6DB07629253ACD8BF
                                                                                                                                                                                                                                                                  SHA1:65935A67C73F19FCF6023FB95030A5ACAF9DA21C
                                                                                                                                                                                                                                                                  SHA-256:316FE8D0815E2B4B396895BEB38EF1A40431915B5E054DF80F4C0CD556F26E4B
                                                                                                                                                                                                                                                                  SHA-512:AD7CA93D93A69F273CE80BE7F2F477543B9C5F9C7E4D7448223BFF084EA956B626D6837F22D83C5E282688B938F58C29073C4B5C6F26A797F716C14FABF9FFEE
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):7917
                                                                                                                                                                                                                                                                  Entropy (8bit):5.680408580146589
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:mP6J37GcBzRjYEPEJJGTnwfJJxb7FTPjzzZBL3/q/I53:mSVqclR5s6Tnwfb7Pj/PL3/q/w3
                                                                                                                                                                                                                                                                  MD5:1380A9352C476071BDA5A5D4FED0B6C5
                                                                                                                                                                                                                                                                  SHA1:9B737ED05F80FE5D3CD8F588CCEC16BB11DD3560
                                                                                                                                                                                                                                                                  SHA-256:AE603B2C0D434D40CDE433FFCBA65F9EE27978A9E19316007BE7FE782A5B8B47
                                                                                                                                                                                                                                                                  SHA-512:EC3D68126488C3A163898BACAF7E783217868573635182CAF511ED046B4BE1F99A71FBB24DA607CCB50EDAF70893007AAEE9A6BAAE4C1CD33465A0915AA965DA
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):5708
                                                                                                                                                                                                                                                                  Entropy (8bit):5.698914195742074
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:96:elPQHJ6L4c7LaQaFQv2QEhBL+Ejma0W40U0BzlQlcrnUSaTIdspIc18CLRSM3LBY:dHI97W1BbNz1VqqzJpoj5y5uY7OGrWFE
                                                                                                                                                                                                                                                                  MD5:CD15674A652C2BF435F7578E119182F8
                                                                                                                                                                                                                                                                  SHA1:AEA22E4A0D21396733802C7AB738DDD03737B7D6
                                                                                                                                                                                                                                                                  SHA-256:F11C64694E8E34E1D2C46C1A1D15D6BA9F2DB7B61DE4FDF54ECA5AB977C3E052
                                                                                                                                                                                                                                                                  SHA-512:88BFA112F4DBC0BFB4013CE0937E5180B4AB4A217FC8A963798C7C86532E794E4A1AD88416AE42F26A1C0631B465A5D69BFE75366E048502F5E21F4115A12F19
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):9673
                                                                                                                                                                                                                                                                  Entropy (8bit):4.622652249027856
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:TO/7kBL9wGu3wtCnlhLJUBB7oph+mZ18LgP:T8QnwcCnlhdvphpZ18LgP
                                                                                                                                                                                                                                                                  MD5:2B68446B69D9AA40B273D75A581D2992
                                                                                                                                                                                                                                                                  SHA1:8A09BD38998543B74E2673478EDD54FB4BBDD068
                                                                                                                                                                                                                                                                  SHA-256:CC6CB4D8C54086224672F2E49E623C8CB7C0C1CD65B8D5ECD42FC9BA3A6065BD
                                                                                                                                                                                                                                                                  SHA-512:F3A3D6A416B3411613B06FC3EE56625D4D4DE80087182AB0D0601E49314861ABEF97D11A15B4C0511911544A59FBC4A4A52F0CCF0FD43F763A76A8922D8E57B6
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):7288
                                                                                                                                                                                                                                                                  Entropy (8bit):5.297177914619657
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:dBJjvfq7D6X68uBAzlp5W9+yBPZZZMM7vL0PXJL:JKrMEL0PXJL
                                                                                                                                                                                                                                                                  MD5:794AF445A5D7082D51BD22683449F86D
                                                                                                                                                                                                                                                                  SHA1:3A0C369872B112A1572AA17EEB814B168B225D98
                                                                                                                                                                                                                                                                  SHA-256:557B644E6DA5F1EC720EF93965617087E4D1F40B2494CC5AA524CF3796108DE7
                                                                                                                                                                                                                                                                  SHA-512:D42C870A16AEE7626BBE24886AD423895529A2F1A51AC2DBC303BC0E4EF9D3241FE894ECA3F7217AD408C8DCEE165CA4B89D84570357B0EB80340A3F72B0A846
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):10388
                                                                                                                                                                                                                                                                  Entropy (8bit):4.70568613551943
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:uPq7iBWseXKkVu4+Qv9zEJ1xGMaLNmBgJqdC6/MxIMt:LWcseV04Xv9zEoLNDJqdX/MxRt
                                                                                                                                                                                                                                                                  MD5:75C94E59F1FC5312AE25381C247AF992
                                                                                                                                                                                                                                                                  SHA1:E3E5F4582CC5FAFE6DF43644D11484861023C084
                                                                                                                                                                                                                                                                  SHA-256:F41E33E1D790BD0D3EB180F1F875BC191FE74773628F25C2CAD95E1402E66867
                                                                                                                                                                                                                                                                  SHA-512:959B8F4D57FC9728DD4804322333D1792D45A0EE85615B559E0CA3BD2DEA22E2C8C68C6482AE9425D29C819B0ED27473EDDC82EF4B6ECFFB2E2E7B56E1509B63
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):10363
                                                                                                                                                                                                                                                                  Entropy (8bit):4.613473842638716
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:vNBqTi7qBCVIQf54EslZ2Jy/L/BnmpP0bX3caK6q1B6/hgIlCCUb0:vjq2+UVT4ESZOYmpP0bX26q1I/yqCCUw
                                                                                                                                                                                                                                                                  MD5:3B0AEE27B193A8A563C5CB5C7C4FE60F
                                                                                                                                                                                                                                                                  SHA1:C94E832595EC765370553468F87C02DB7E7D138A
                                                                                                                                                                                                                                                                  SHA-256:2EC955E662407EBCD8DCDAE5AAA21E4108E0B5B0AEE0E9DB712C27072943535F
                                                                                                                                                                                                                                                                  SHA-512:EBC25C378126876F44279E23CA0CF06FC9E7D5F51AD7E3DBDABA7A50C81112EDC1C76F7FD0AF47E447A93C3593BB953A0C9C1FBBFC49494E6B29BF21655F690E
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):4629
                                                                                                                                                                                                                                                                  Entropy (8bit):4.68793836539357
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:96:BoiK0UD2wMLb7Lqlguotqbww5BLNwWjK0kHU9zuQlUVUfniqthweEIFwC18lLEGA:PXFf7pU75BWWOpcJcVqDFNz8brgyf76r
                                                                                                                                                                                                                                                                  MD5:32D6EE3D8EE6408A03E568B972F93BCB
                                                                                                                                                                                                                                                                  SHA1:582EE079DBD42000C378E0701D26405750524DBA
                                                                                                                                                                                                                                                                  SHA-256:EBDECA0CFEE7A9441DEB800BABFD97C63BC4E421DA885C55B3BD49725EBACD25
                                                                                                                                                                                                                                                                  SHA-512:24AAA30B9CB4DB82A57411FBA24A87D70D8B845AE48A6FDA633D0BE6B824B58FDD2F450C2B385F16F49E2F9C6FA0A3124FD0F28594726940F996C66F8F3216CC
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):9750
                                                                                                                                                                                                                                                                  Entropy (8bit):5.281035122342072
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):6441
                                                                                                                                                                                                                                                                  Entropy (8bit):5.790303416386852
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):9301
                                                                                                                                                                                                                                                                  Entropy (8bit):5.80411750798786
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):146
                                                                                                                                                                                                                                                                  Entropy (8bit):3.6255640074603277
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......hu....v.....q.t.b.a.s.e._.h.u.....q.t.s.c.r.i.p.t._.h.u.....q.t.m.u.l.t.i.m.e.d.i.a._.h.u... .q.t.x.m.l.p.a.t.t.e.r.n.s._.h.u
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):153
                                                                                                                                                                                                                                                                  Entropy (8bit):3.5752972123113778
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......it....v.....q.t.b.a.s.e._.i.t.....q.t.s.c.r.i.p.t._.i.t.....q.t.m.u.l.t.i.m.e.d.i.a._.i.t... .q.t.x.m.l.p.a.t.t.e.r.n.s._.i.t.......
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):146
                                                                                                                                                                                                                                                                  Entropy (8bit):3.599979504080125
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......ja....v.....q.t.b.a.s.e._.j.a.....q.t.s.c.r.i.p.t._.j.a.....q.t.m.u.l.t.i.m.e.d.i.a._.j.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.j.a
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):146
                                                                                                                                                                                                                                                                  Entropy (8bit):3.652277257665055
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......ko....v.....q.t.b.a.s.e._.k.o.....q.t.s.c.r.i.p.t._.k.o.....q.t.m.u.l.t.i.m.e.d.i.a._.k.o... .q.t.x.m.l.p.a.t.t.e.r.n.s._.k.o
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):165383
                                                                                                                                                                                                                                                                  Entropy (8bit):4.805977227348512
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):89
                                                                                                                                                                                                                                                                  Entropy (8bit):4.156834975253888
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):161
                                                                                                                                                                                                                                                                  Entropy (8bit):3.8693516202048612
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):70334
                                                                                                                                                                                                                                                                  Entropy (8bit):4.732724622610353
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):164
                                                                                                                                                                                                                                                                  Entropy (8bit):3.984562388316898
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):157
                                                                                                                                                                                                                                                                  Entropy (8bit):3.7731953311404336
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):228428
                                                                                                                                                                                                                                                                  Entropy (8bit):4.726953418955661
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):65851
                                                                                                                                                                                                                                                                  Entropy (8bit):4.7906769989650515
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):110
                                                                                                                                                                                                                                                                  Entropy (8bit):3.630483009136986
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4C/7zl9lAlHekDN/01MULV4LlI+rwtbWlM+N:Cw5+wUGRIRt6n
                                                                                                                                                                                                                                                                  MD5:16CDF5B9D48B0F795D532A0D07F5C3A0
                                                                                                                                                                                                                                                                  SHA1:6E403C9096B3051973E2B681DFEBBC8DD024830D
                                                                                                                                                                                                                                                                  SHA-256:F574A2CFD4715885C3DBDF5AE60995252673BD94FDAA9586F7E0586F6C1AC0EE
                                                                                                                                                                                                                                                                  SHA-512:36A0431368010157EA8A45DCB00458076CCFFC08B37E443DEBD1AAD4A30C6080803337725A7A3DCBF2B410DC7BE89CEAF6C07C46F876E4EF5B08159E3BF38E6D
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......tr....R.....q.t.b.a.s.e._.t.r.....q.t.s.c.r.i.p.t._.t.r.....q.t.m.u.l.t.i.m.e.d.i.a._.t.r
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):164
                                                                                                                                                                                                                                                                  Entropy (8bit):4.021402900389864
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4C/ZlRlAlHekCczOp1MUKUt7KlI+rwtbWlM/cFKIPldkONRMugB:CwUl0+rjIUKUcIRt6M/oioM3
                                                                                                                                                                                                                                                                  MD5:9B101363343847FE42167183320C03F0
                                                                                                                                                                                                                                                                  SHA1:F0DF2CFF913E588B7CADFDABBF69F4F632B2F96A
                                                                                                                                                                                                                                                                  SHA-256:F1621E680E1642F9463E4B07E7E78B50F9A7BDB7C321D7302039CB3405CBDEA4
                                                                                                                                                                                                                                                                  SHA-512:DA14FDF8DB514902733CAAC492293873351C595EBBE0ACB0849BECE24AB822602EE64D01051F1426CD1FC13A95D8607302CF9B515D9806FDD3BD047087DE447C
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......uk....v.....q.t.b.a.s.e._.u.k.....q.t.s.c.r.i.p.t._.u.k.....q.t.m.u.l.t.i.m.e.d.i.a._.u.k... .q.t.x.m.l.p.a.t.t.e.r.n.s._.u.k........)......,..
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):117347
                                                                                                                                                                                                                                                                  Entropy (8bit):5.8593733369029195
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:51dXW89nqEFu54aekvRzHHSVuf8j2+/xc3lhnbsfdAoz/w:v9qEFeLekvRznSVHJG3lhn+djY
                                                                                                                                                                                                                                                                  MD5:0D02F0DE5A12BCB338B7042DFBDAACF3
                                                                                                                                                                                                                                                                  SHA1:B7C10D249D8986AD8C6939B370407D07227A39F5
                                                                                                                                                                                                                                                                  SHA-256:28CDE75D7B32C81FEF1D4630C37B79A61DEC24B357632FF00D6365A57D8BE43B
                                                                                                                                                                                                                                                                  SHA-512:21F02EBA36B4411921EA3C70310B8E454E8FC2B8F09957FD6A63B71689DC381F7A5E2C3BDF2810734D659AB43D8A7BD46EF6436ECC52F75C71B5F5C313365444
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):141
                                                                                                                                                                                                                                                                  Entropy (8bit):3.7198292994386235
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4C/0N6xg/Rl/gl+kNXDelHrwtbWlMwTolIPldkOfDn:CwOO2+g6Mt63oloiUn
                                                                                                                                                                                                                                                                  MD5:ED4135D705AEF3D97F8BF6B8FF11F09C
                                                                                                                                                                                                                                                                  SHA1:308E2B8F74B863A61AD0B68F4A18ED06965EBEAA
                                                                                                                                                                                                                                                                  SHA-256:751ECDA0C33E061D91241268357FBD2F6B7F70A1116E714F28D22EFD61EC7A1A
                                                                                                                                                                                                                                                                  SHA-512:B6E6D00553A9C427130129B9D30E862028E549F372A832F0F05747C8E2A79E443F4932EC3AE177537C8BA00D26B5B6CB97D5B35426AB5229F6A468CA485BE0B1
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:<.d....!..`.......zh_TW....n.....q.t.b.a.s.e._.z.h._.T.W...$.q.t.m.u.l.t.i.m.e.d.i.a._.z.h._.T.W...&.q.t.x.m.l.p.a.t.t.e.r.n.s._.z.h._.T.W
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):160017
                                                                                                                                                                                                                                                                  Entropy (8bit):5.35627970915292
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:XGlAMfkX1M0RdaCkR8lfv8vtc8EFrVYA2I4AJZWEWgHg1C8COvzHKHC6Jp9NV0V7:XUr0RACkIwDEpV1Lgf1ubtw3Bb
                                                                                                                                                                                                                                                                  MD5:A7E4D0BA0FC5DF07F62CC66EC9878979
                                                                                                                                                                                                                                                                  SHA1:21FD131B23BDD1BBA7BBB86F3ED5C83876F45638
                                                                                                                                                                                                                                                                  SHA-256:E03FE68D83201543698FD7FE267DD5DFC5BFD195147E74FF2F19AC3491401263
                                                                                                                                                                                                                                                                  SHA-512:D9E6B10506FCF20B5B783F011908083D9DF6C5DF88E21B10D07F53A01AD6506A4B921C85335A25BAE54E27BAD7D01B6E240D58FDEEAABC7FF32014EC120C2ECF
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):165337
                                                                                                                                                                                                                                                                  Entropy (8bit):5.332219158085151
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:9ULiyUxPoT6qx+J7FJlaaMJnxjqxq+0Uiff0mbVeb7wiEwYuYqDKBkKHMXHCIMll:9ULpIVFnpwUiEujw27ncUQUz
                                                                                                                                                                                                                                                                  MD5:660413AD666A6B31A1ACF8F216781D6E
                                                                                                                                                                                                                                                                  SHA1:654409CDF3F551555957D3DBCF8D6A0D8F03A6C5
                                                                                                                                                                                                                                                                  SHA-256:E448AC9E3F16C29EB27AF3012EFE21052DAA78FABFB34CD6DFF2F69EE3BD3CDB
                                                                                                                                                                                                                                                                  SHA-512:C6AE4B784C3D302D7EC6B9CE7B27DDAF00713ADF233F1246CD0475697A59C84D6A86BAA1005283B1F89FCC0835FD131E5CF07B3534B66A0A0AA6AC6356006B8F
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):210159
                                                                                                                                                                                                                                                                  Entropy (8bit):4.666388181115542
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:P/DVhdlafzvZfeW+6kXEVjSVPzC3ceKdP2:xYf7UW+WjwP2
                                                                                                                                                                                                                                                                  MD5:B383F6D4B9EEA51C065E73ECB95BBD23
                                                                                                                                                                                                                                                                  SHA1:DD6C2C4B4888B0D14CEBFC86F471D0FC9B07FE42
                                                                                                                                                                                                                                                                  SHA-256:52E94FCC9490889B55812C5433D009B44BDC2DC3170EB55B1AF444EF4AAE1D7F
                                                                                                                                                                                                                                                                  SHA-512:9401940A170E22CE6515E3C1453C563D93869A3C3686C859491A1F8795520B61BF3F0BFE4687A7380C0CC0C75E25559354FDB5CEF916AF4C5B6CD9661464A54A
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):174701
                                                                                                                                                                                                                                                                  Entropy (8bit):4.87192387061682
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:5WjuhX0CVRaakGjW9E8SSOQfX/JlwVOMxrboRPqWxXfQvO7zjBf:5iFGj1QfXr8Gd
                                                                                                                                                                                                                                                                  MD5:C57D0DE9D8458A5BEB2114E47B0FDE47
                                                                                                                                                                                                                                                                  SHA1:3A0E777539C51BB65EE76B8E1D8DCE4386CBC886
                                                                                                                                                                                                                                                                  SHA-256:03028B42DF5479270371E4C3BDC7DF2F56CBBE6DDA956A2864AC6F6415861FE8
                                                                                                                                                                                                                                                                  SHA-512:F7970C132064407752C3D42705376FE04FACAFD2CFE1021E615182555F7BA82E7970EDF5D14359F9D5CA69D4D570AA9DDC46D48CE787CFF13D305341A3E4AF79
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):181387
                                                                                                                                                                                                                                                                  Entropy (8bit):4.755193800761075
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:XzswP2UvZ5aZ9jFTkmq/gnBNW/+PcWrqm2Vliz0DGdaS4KSLZjwTTgwUR0toT:j3m27AjCT
                                                                                                                                                                                                                                                                  MD5:859CE522A233AF31ED8D32822DA7755B
                                                                                                                                                                                                                                                                  SHA1:70B19B2A6914DA7D629F577F8987553713CD5D3F
                                                                                                                                                                                                                                                                  SHA-256:7D1E5CA3310B54D104C19BF2ABD402B38E584E87039A70E153C4A9AF74B25C22
                                                                                                                                                                                                                                                                  SHA-512:F9FAA5A19C2FD99CCD03151B7BE5DDA613E9C69678C028CDF678ADB176C23C7DE9EB846CF915BC3CC67ABD5D62D9CD483A5F47A57D5E6BB2F2053563D62E1EF5
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):220467
                                                                                                                                                                                                                                                                  Entropy (8bit):4.626295310482312
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:7w8go8+ph6JVB8XVXYWpSNEeg8+vaD+p4N8DDiEKugwGZulh15ce4M+4NsPYXCZW:88h8Sj286tTiDD
                                                                                                                                                                                                                                                                  MD5:40760A3456C9C8ABE6EA90336AF5DA01
                                                                                                                                                                                                                                                                  SHA1:B249AA1CBF8C2636CE57EB4932D53492E4CE36AC
                                                                                                                                                                                                                                                                  SHA-256:553C046835DB9ADEF15954FA9A576625366BA8BFD16637038C4BCD28E5EBACE1
                                                                                                                                                                                                                                                                  SHA-512:068E55F39B5250CC937E4B2BD627873132D201D351B9351BE703CD9B95D3BAFB4BD649CB4DF120A976D7C156DA679758D952CAC5E0523107244E517D323BC0C5
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                  Entropy (8bit):4.0
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3:j2wZC4n:CwZ
                                                                                                                                                                                                                                                                  MD5:BCEBCF42735C6849BDECBB77451021DD
                                                                                                                                                                                                                                                                  SHA1:4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
                                                                                                                                                                                                                                                                  SHA-256:9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
                                                                                                                                                                                                                                                                  SHA-512:F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):165170
                                                                                                                                                                                                                                                                  Entropy (8bit):4.679910767547088
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:JVwzuvb+Ta64KQd84arHX5pxiVhA8QlOD/BnFNa8NsvsfFsfcoZtIx6F:JVwSTG4KqVaLX5pEVK7OJFczstgRtIx8
                                                                                                                                                                                                                                                                  MD5:C7C58A6D683797BFDD3EF676A37E2A40
                                                                                                                                                                                                                                                                  SHA1:809E580CDBF2FFDA10C77F8BE9BAC081978C102B
                                                                                                                                                                                                                                                                  SHA-256:4FFDA56BA3BB5414AB0482D1DDE64A6F226E3488F6B7F3F11A150E01F53FA4C8
                                                                                                                                                                                                                                                                  SHA-512:C5AED1A1AA13B8E794C83739B7FDDEAFD96785655C287993469F39607C8B9B0D2D8D222ECD1C13CF8445E623B195192F64DE373A8FB6FE43743BAF50E153CDA5
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):179941
                                                                                                                                                                                                                                                                  Entropy (8bit):4.720938209922096
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:lvdTgO2Yl97ZWnbgTLt/Tf9IlqAeiy5uWkYGM0wNCdRjSK2YUlUs:lvdkA9vh5uWkY0MK2YXs
                                                                                                                                                                                                                                                                  MD5:8472CF0BF6C659177AD45AA9E3A3247C
                                                                                                                                                                                                                                                                  SHA1:7B5313CDA126BB7863001499FB66FB1B56C255FC
                                                                                                                                                                                                                                                                  SHA-256:E47FE13713E184D07FA4495DDE0C589B0E8F562E91574A3558A9363443A4FA72
                                                                                                                                                                                                                                                                  SHA-512:DE36A1F033BD7A4D6475681EDC93CC7B0B5DCB6A7051831F2EE6F397C971B843E1C10B66C4FB2EFF2A23DC07433E80FBF7B95E62C5B93E121AB5AD88354D9CB8
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):166167
                                                                                                                                                                                                                                                                  Entropy (8bit):4.685212271435657
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:CLZ1w8McowCppcPwL5pYFw+G00QsbLckCiWxvq+sjs06oFm:C91wxcowspc4L5pUw+cz39CiQ7tloFm
                                                                                                                                                                                                                                                                  MD5:1F41FF5D3A781908A481C07B35998729
                                                                                                                                                                                                                                                                  SHA1:ECF3B3156FFE14569ECDF805CF3BE12F29681261
                                                                                                                                                                                                                                                                  SHA-256:EDB32A933CEF376A2636634E14E2977CED6284E4AA9A4AC7E2292F9CA54C384A
                                                                                                                                                                                                                                                                  SHA-512:A492E8AC88095A38A13549C18C68E1F61C7054AB9362C2B04C65B93E48E4A07941C8DA6950BAE79041094623E0ED330CA975110FDE8248B4D9380B9F729AD891
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):189580
                                                                                                                                                                                                                                                                  Entropy (8bit):4.630160941635514
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:SiaI3C87jhakhR0VGkw7ys7CskUH6y4e6IFB4xyMuhvDnJGhFaCo527arBbm07LZ:S2yGjh17yGqxTXhvQoejJd8FUjVgk
                                                                                                                                                                                                                                                                  MD5:EB1FB93B0BE51C2AD78FC7BA2F8B9F42
                                                                                                                                                                                                                                                                  SHA1:24F7FF809E2F11C579CD388FEA5A4C552FF8D4D0
                                                                                                                                                                                                                                                                  SHA-256:63B439DD44139AA3AED54C2EBE03FA9BC77F22C14ED8FBA8EFF2608445BB233D
                                                                                                                                                                                                                                                                  SHA-512:E13770AEF33B6666ED7D54E03EE20CA291D4167D673BA6C61D8E64CDD5F7FFE0A9521B95AF67BE719BF263932ECF16E2B2D0B5F3404F9BCD7879114FCC6FC474
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):138690
                                                                                                                                                                                                                                                                  Entropy (8bit):5.515748942553918
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:XSue8Z7T3iJsqBejt/zNHSLzdetY2ZISfC/S:XSueK3w7Ijt8zUtYAISfC/S
                                                                                                                                                                                                                                                                  MD5:DEAF87D45EE87794AB2DC821F250A87A
                                                                                                                                                                                                                                                                  SHA1:DB39C6BAA443AA9BB208043EF7FB7E3403C12D90
                                                                                                                                                                                                                                                                  SHA-256:E1EBCA16AFE8994356F81CA007FBDB9DDF865842010FE908923D873B687CAD3F
                                                                                                                                                                                                                                                                  SHA-512:276FCE81249EFFE19E95607C39F9ACB3A4AFA3F90745DA21B737A03FEA956B079BCA958039978223FD03F75AC270EC16E46095D0C6DDA327366C948EC2D05B9C
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):160494
                                                                                                                                                                                                                                                                  Entropy (8bit):4.831791320613137
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:BmOMZadV9n51xXeQvjOiIzz7/Vs9Db3ihuJNvMfWxBNlYzYbTrIkfwb03l24cNKu:HkWa5pg0MahBHDd
                                                                                                                                                                                                                                                                  MD5:E9D302A698B9272BDA41D6DE1D8313FB
                                                                                                                                                                                                                                                                  SHA1:BBF35C04177CF290B43F7D2533BE44A15D929D02
                                                                                                                                                                                                                                                                  SHA-256:C61B67BB9D1E84F0AB0792B6518FE055414A68E44D0C7BC7C862773800FA8299
                                                                                                                                                                                                                                                                  SHA-512:12947B306874CF93ABA64BB46FAC48179C2D055E770D41AF32E50FFFB9F0C092F583AFCEA8B53FE9E238EF9370E9FFFBEB581270DFA1A7CB74EBE54D9BFF459F
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):161172
                                                                                                                                                                                                                                                                  Entropy (8bit):4.680034416311688
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:eSfxfdO4BKJb0td5pqCOIUP/PFIM7gxGQ9sRrFM6QJ4m8ihkM:eSfxFO4BKJb0td5pnOrvCqg9mRK4IkM
                                                                                                                                                                                                                                                                  MD5:88D040696DE3D068F91E0BF000A9EC3E
                                                                                                                                                                                                                                                                  SHA1:F978B265E50D14FDDE9693EC96E99B636997B74D
                                                                                                                                                                                                                                                                  SHA-256:7C7DC8B45BF4E41FEC60021AB13D9C7655BE007B8123DB8D7537A119EB64A366
                                                                                                                                                                                                                                                                  SHA-512:F042637B61C49C91043D73B113545C383BD8D9766FD4ACC21675B4FF727652D50863E72EA811553CB26DF689F692530184A6CE8FE71F9250B5A55662AFE7D923
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):129911
                                                                                                                                                                                                                                                                  Entropy (8bit):5.802855391832282
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:W8YYSCjKBJ26c1Z7f25pVmuLXpxfqt7FEUWNrfQje9kWI23pKXvx:xYuKBJ01Z7u5pQuLbESUWNzAAI23pKfx
                                                                                                                                                                                                                                                                  MD5:608B80932119D86503CDDCB1CA7F98BA
                                                                                                                                                                                                                                                                  SHA1:7F440399ABA23120F40F6F4FCAE966D621A1CC67
                                                                                                                                                                                                                                                                  SHA-256:CBA382ACC44D3680D400F2C625DE93D0C4BD72A90102769EDFD1FE91CB9B617B
                                                                                                                                                                                                                                                                  SHA-512:424618011A7C06748AADFC2295109D2D916289C81B01C669DA4991499B207B781604A03259C546739A3A6CF2F8F6DFA753B23406B2E2812F5407AEE343B5CBDD
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):156799
                                                                                                                                                                                                                                                                  Entropy (8bit):5.859529082176036
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:rvTy18hhPekHs1iNXVExWbStnn8TExgkYOvYejZOvXx4Mmf0MwUL8smk/pDZyy:y18hJ61nMStnn8TOgknQRLWZmkxNyy
                                                                                                                                                                                                                                                                  MD5:082E361CBAC2E3A0849F87B76EF6E121
                                                                                                                                                                                                                                                                  SHA1:F10E882762DCD2E60041BDD6CC57598FC3DF4343
                                                                                                                                                                                                                                                                  SHA-256:0179ED1B136E1CB3F583351EAA2C545BA3D83A6EE3F82C32505926A1A5F5F183
                                                                                                                                                                                                                                                                  SHA-512:F378A42116924E30FA0B8FFF1D3C3CB185DC35B2746DCE2818BE7C2AA95C5DE103DF44AAC74DA969C36C557F1D4DE42AC7647EC41066247F8AD2697BDED667EA
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):153608
                                                                                                                                                                                                                                                                  Entropy (8bit):4.843805801051326
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:y5pmbKIhooMbGe91MrjOhmGzP6LJbWz5XIxELpU6:yObeqrjPGzeJyJLy6
                                                                                                                                                                                                                                                                  MD5:BD8BDC7BBDB7A80C56DCB61B1108961D
                                                                                                                                                                                                                                                                  SHA1:9538C4D8BB9A95C0D9DC57C7708A99DD53A32D1F
                                                                                                                                                                                                                                                                  SHA-256:846E047573AE40C83671C3BA7F73E27EFC24B98C82701DA0DF9973E574178BB2
                                                                                                                                                                                                                                                                  SHA-512:F040EC410EBFEA21145F944E71ADCAE8E5F60907D1D3716A937A9A59A48F70C6B7EAAC91C2C554F59357A7BC820CDBD17C73A4DECC20B51F68EB79EDD35C5554
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):162982
                                                                                                                                                                                                                                                                  Entropy (8bit):4.841899887077422
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:sXpestp/YIFtDT8FIWYbIJmPYuIpnmxAk6mwyJNqSm9+P:sxpTDT8FIWfJmdCmxApmbnqSm9+P
                                                                                                                                                                                                                                                                  MD5:F9475A909A0BAF4B6B7A1937D58293C3
                                                                                                                                                                                                                                                                  SHA1:76B97225A11DD1F77CAC6EF144812F91BD8734BD
                                                                                                                                                                                                                                                                  SHA-256:CE99032A3B0BF8ABAD758895CC22837088EAD99FD2D2514E2D180693081CFE57
                                                                                                                                                                                                                                                                  SHA-512:8A4F1B802B6B81FF25C44251FB4A880E93E9A5FE25E36825A24BFE0EFB34E764E7E1EE585D3A56554964B7921E7813C67F12D200D6E0C5EAF4BB76B064B5C890
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):203767
                                                                                                                                                                                                                                                                  Entropy (8bit):5.362551648909705
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:hn4dEJ63pdhPpy6gu5fs4MHQv6sLlxnrncF423ZL9xyuXwdcX8LZuf76CW+WeXFx:aN3pdV5fZbpItXsttRY+WSq
                                                                                                                                                                                                                                                                  MD5:5096AD2743BF89A334FBA6A2964300D4
                                                                                                                                                                                                                                                                  SHA1:405F45361A537C7923C240D51B0FF1C46621C203
                                                                                                                                                                                                                                                                  SHA-256:3DA6605668F9178D11A838C4515478084DCFB4F9CF22F99D7A92B492DB9C224B
                                                                                                                                                                                                                                                                  SHA-512:7B88B501792B5831426BAA669138192ED94CC3F8323A3DF9D5287655DC4D877706908C517AB7523AE8A283BF50B47123F13B8AE40EA2F3081C3459EDC47FC8DD
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):125763
                                                                                                                                                                                                                                                                  Entropy (8bit):4.80343609423322
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:roXDuC1u/2lUBGjJirE5tsd/aev1GIfOdvhw:OucMGjH5tbm
                                                                                                                                                                                                                                                                  MD5:3D60E50DCBCBD70EE699BC9B1524FCB9
                                                                                                                                                                                                                                                                  SHA1:0211B4911B5B74CC1A46C0FCA87D3BF5632AA44A
                                                                                                                                                                                                                                                                  SHA-256:D586AE2C314074CF398417FDECB40709D5478DFEB0A67C2FE60D509EE9B59ED7
                                                                                                                                                                                                                                                                  SHA-512:F98211867F1DBCB8A342C00E23FA5718BE6E999F7449CB8470B41BF0F527C7F78CC4D6666E28968F32E96026907156753979BFADA7E6BF4225D02A902D24906D
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):194487
                                                                                                                                                                                                                                                                  Entropy (8bit):4.877239354585035
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:yRRhAFCvqDBitD/iDG9AOH+l4TcwZBPqHo9fd9CFRK+2IKAimxsjucV2p0ZqvRu7:yRRHs5mksWVX3lA3
                                                                                                                                                                                                                                                                  MD5:6CBC5D8E1EABEC96C281065ECC51E35E
                                                                                                                                                                                                                                                                  SHA1:4E1E6BA3772428227CB033747006B4887E5D9AD1
                                                                                                                                                                                                                                                                  SHA-256:6A0BF6E70E7920C2B193E76E92F78F315936955D3B06AC039D917F2E06C43281
                                                                                                                                                                                                                                                                  SHA-512:CE1F9EE180176153D5F523D71E0DB06F4DEA65C24E5E2CD56341CFAEE349A8E9A0F606D99F7219A35DD4516D1528C90AEA4BB87548A55392B8F2B36164D478B1
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):158274
                                                                                                                                                                                                                                                                  Entropy (8bit):5.402056706327934
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:jXwjFVUDdMUD4TzdAhpQgO5poZHvJllEnhmdK4I77/dnPJX/imfb1jhvv3BxT8ue:jBzD4Tzaw5pCvJ8hVPdlvj3p8
                                                                                                                                                                                                                                                                  MD5:D6234E4E21021102B021744D5FA22346
                                                                                                                                                                                                                                                                  SHA1:63A14327D0CF0941D6D6B58BFA7E8B10337F557B
                                                                                                                                                                                                                                                                  SHA-256:51B8FF55B37DC5907D637A8DDDA12FBE816852B0244C74EB4F0FB84867A786E0
                                                                                                                                                                                                                                                                  SHA-512:37D24A092C5F29BACB7A4CA8207C4EEFD0F073B7E74A492402867F758084091BF1D79D2BA2B4A28B35FEF42E8023C371FDE97578F74BB2033551154E77102DE6
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Qt Translation file
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):127849
                                                                                                                                                                                                                                                                  Entropy (8bit):5.83455389078597
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:Fv2cHP10gOs6dcFxsJopMqOWv2WIrPFP8pa:Fh6s6iFxEodjef8pa
                                                                                                                                                                                                                                                                  MD5:9C6A3721D01ECAF3F952CE96F46CE046
                                                                                                                                                                                                                                                                  SHA1:4A944E9E31DF778F7012D8E4A66497583BFD2118
                                                                                                                                                                                                                                                                  SHA-256:085D29EAF9BBB788B2F2503D74A1EF963A9411CEB600441254CE49A120E1AB63
                                                                                                                                                                                                                                                                  SHA-512:6E2807B8785F42A26C9CCBDBA0327DD40B529B10C468593F0E74113774D1CCDAA4FD9ACE9B259B9040E1475911428ECAEA49425B0F170862CF8147D23DB48E46
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):2483712
                                                                                                                                                                                                                                                                  Entropy (8bit):6.241719144701645
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:49152:ZYS8YHrNj4/7RsRLvYpiW3pCBU+Z7bJWvCSBYgbxGJ5M2GM/fXR1fUdihfSbCo6e:9bpj4/7RsRLvYpiW3pCBU+Z7bJWvCSBv
                                                                                                                                                                                                                                                                  MD5:678FA1496FFDEA3A530FA146DEDCDBCC
                                                                                                                                                                                                                                                                  SHA1:C80D8F1DE8AE06ECF5750C83D879D2DCC2D6A4F8
                                                                                                                                                                                                                                                                  SHA-256:D6E45FD8C3B3F93F52C4D1B6F9E3EE220454A73F80F65F3D70504BD55415EA37
                                                                                                                                                                                                                                                                  SHA-512:8D9E3FA49FB42F844D8DF241786EA9C0F55E546D373FF07E8C89AAC4F3027C62EC1BD0C9C639AFEABC034CC39E424B21DA55A1609C9F95397A66D5F0D834E88E
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):2494976
                                                                                                                                                                                                                                                                  Entropy (8bit):6.232020603277999
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:24576:SUjOoTFrwI8nc6EmRAQ9RzgpP2bXYUKuXeLQp5PjYq0zb:SUqCgnZXRAQ9RzggbozJLQp5Mq
                                                                                                                                                                                                                                                                  MD5:AE182C36F5839BADDC9DCB71192CFA7A
                                                                                                                                                                                                                                                                  SHA1:C9FA448981BA61343C7D7DECACAE300CAD416957
                                                                                                                                                                                                                                                                  SHA-256:A9408E3B15FF3030F0E9ACB3429000D253D3BB7206F750091A7130325F6D0D72
                                                                                                                                                                                                                                                                  SHA-512:8950244D828C5EDE5C3934CFE2EE229BE19CC00FBF0C4A7CCEBEC19E8641345EF5FD028511C5428E1E21CE5491A3F74FB0175B03DA17588DAEF918E3F66B206A
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):5144576
                                                                                                                                                                                                                                                                  Entropy (8bit):6.262739223310643
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:49152:Qi+reIG7QwktsFPKoe2yicbbqgkcY9abW7KnTYK2bjMkTDGM7y:uqT7Q1kyTvoWW7EYvM9M
                                                                                                                                                                                                                                                                  MD5:E8C3BFBC19378E541F5F569E2023B7AA
                                                                                                                                                                                                                                                                  SHA1:ACA007030C1CEE45CBC692ADCB8BCB29665792BA
                                                                                                                                                                                                                                                                  SHA-256:A1E97A2AB434C6AE5E56491C60172E59CDCCE42960734E8BDF5D851B79361071
                                                                                                                                                                                                                                                                  SHA-512:9134C2EAD00C2D19DEC499E60F91E978858766744965EAD655D2349FF92834AB267AC8026038E576A7E207D3BBD4A87CD5F2E2846A703C7F481A406130530EB0
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):120320
                                                                                                                                                                                                                                                                  Entropy (8bit):6.034057886020456
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:pPd5NTdYgpmMrZhekwFH4PqgZNBQmT6V6WRFYE9Icx7pz4H5B:NhTdtmMdEkwuFTSvYE9Iczz4H5
                                                                                                                                                                                                                                                                  MD5:4F7F9E3A9466F4C0103FB04E1987E098
                                                                                                                                                                                                                                                                  SHA1:D4A339702E936AA5ECC1FE906AE2BA3BB0E481D7
                                                                                                                                                                                                                                                                  SHA-256:EBF27146466D61411493D2E243EAC691740F9C4B7A4B9AB0D408BE45B5E0AA35
                                                                                                                                                                                                                                                                  SHA-512:920BA8D58DCA7946341C1CC01FEA0B76CCE008F1D10061F84455A3DE9BA00FD9534F40C983486211BE92B85F786CD610C386529711A6F573A02BFAF8CA543A19
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):120400
                                                                                                                                                                                                                                                                  Entropy (8bit):6.6017475353076716
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
                                                                                                                                                                                                                                                                  MD5:862F820C3251E4CA6FC0AC00E4092239
                                                                                                                                                                                                                                                                  SHA1:EF96D84B253041B090C243594F90938E9A487A9A
                                                                                                                                                                                                                                                                  SHA-256:36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
                                                                                                                                                                                                                                                                  SHA-512:2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):49744
                                                                                                                                                                                                                                                                  Entropy (8bit):6.701724666218339
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
                                                                                                                                                                                                                                                                  MD5:68156F41AE9A04D89BB6625A5CD222D4
                                                                                                                                                                                                                                                                  SHA1:3BE29D5C53808186EBA3A024BE377EE6F267C983
                                                                                                                                                                                                                                                                  SHA-256:82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
                                                                                                                                                                                                                                                                  SHA-512:F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):84240
                                                                                                                                                                                                                                                                  Entropy (8bit):6.607563436050078
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
                                                                                                                                                                                                                                                                  MD5:CB8C06C8FA9E61E4AC5F22EEBF7F1D00
                                                                                                                                                                                                                                                                  SHA1:D8E0DFC8127749947B09F17C8848166BAC659F0D
                                                                                                                                                                                                                                                                  SHA-256:FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
                                                                                                                                                                                                                                                                  SHA-512:E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):131344
                                                                                                                                                                                                                                                                  Entropy (8bit):6.311142284249784
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
                                                                                                                                                                                                                                                                  MD5:A55E57D7594303C89B5F7A1D1D6F2B67
                                                                                                                                                                                                                                                                  SHA1:904A9304A07716497CF3E4EAAFD82715874C94F1
                                                                                                                                                                                                                                                                  SHA-256:F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
                                                                                                                                                                                                                                                                  SHA-512:FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):277776
                                                                                                                                                                                                                                                                  Entropy (8bit):6.5855511991551
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
                                                                                                                                                                                                                                                                  MD5:F3377F3DE29579140E2BBAEEFD334D4F
                                                                                                                                                                                                                                                                  SHA1:B3076C564DBDFD4CA1B7CC76F36448B0088E2341
                                                                                                                                                                                                                                                                  SHA-256:B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
                                                                                                                                                                                                                                                                  SHA-512:34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):64272
                                                                                                                                                                                                                                                                  Entropy (8bit):6.220967684620152
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
                                                                                                                                                                                                                                                                  MD5:32D76C9ABD65A5D2671AEEDE189BC290
                                                                                                                                                                                                                                                                  SHA1:0D4440C9652B92B40BB92C20F3474F14E34F8D62
                                                                                                                                                                                                                                                                  SHA-256:838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
                                                                                                                                                                                                                                                                  SHA-512:49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):157968
                                                                                                                                                                                                                                                                  Entropy (8bit):6.854644275249963
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
                                                                                                                                                                                                                                                                  MD5:1BA022D42024A655CF289544AE461FB8
                                                                                                                                                                                                                                                                  SHA1:9772A31083223ECF66751FF3851D2E3303A0764C
                                                                                                                                                                                                                                                                  SHA-256:D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
                                                                                                                                                                                                                                                                  SHA-512:2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):33552
                                                                                                                                                                                                                                                                  Entropy (8bit):6.446391764486538
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:7GpPCRjqMu/AoS6rf7sif0NHQibZIJ9UoOHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:fkTM6rg9aeZIJ9Uok5YiSyvTo2Et
                                                                                                                                                                                                                                                                  MD5:1C03CAA59B5E4A7FB9B998D8C1DA165A
                                                                                                                                                                                                                                                                  SHA1:8A318F80A705C64076E22913C2206D9247D30CD7
                                                                                                                                                                                                                                                                  SHA-256:B9CF502DADCB124F693BF69ECD7077971E37174104DBDA563022D74961A67E1E
                                                                                                                                                                                                                                                                  SHA-512:783ECDA7A155DFC96A718D5A130FB901BBECBED05537434E779135CBA88233DD990D86ECA2F55A852C9BFB975074F7C44D8A3E4558D7C2060F411CE30B6A915F
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):83728
                                                                                                                                                                                                                                                                  Entropy (8bit):6.331814573029388
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
                                                                                                                                                                                                                                                                  MD5:FE896371430BD9551717EF12A3E7E818
                                                                                                                                                                                                                                                                  SHA1:E2A7716E9CE840E53E8FC79D50A77F40B353C954
                                                                                                                                                                                                                                                                  SHA-256:35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
                                                                                                                                                                                                                                                                  SHA-512:67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):181520
                                                                                                                                                                                                                                                                  Entropy (8bit):5.972827303352998
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:kO+IWyXHllRhN1qhep7fM6CpqjZI8u7pUULbaLZErWreVEzvT3iFCNc6tYwJc1OW:kpSrhN1E2M6CpUuwg5dEW7
                                                                                                                                                                                                                                                                  MD5:1C0E3E447F719FBE2601D0683EA566FC
                                                                                                                                                                                                                                                                  SHA1:5321AB73B36675B238AB3F798C278195223CD7B1
                                                                                                                                                                                                                                                                  SHA-256:63AE2FEFBFBBBC6EA39CDE0A622579D46FF55134BC8C1380289A2976B61F603E
                                                                                                                                                                                                                                                                  SHA-512:E1A430DA2A2F6E0A1AED7A76CC4CD2760B3164ABC20BE304C1DB3541119942508E53EA3023A52B8BADA17A6052A7A51A4453EFAD1A888ACB3B196881226C2E5C
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):38160
                                                                                                                                                                                                                                                                  Entropy (8bit):6.338856805460127
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:fEkK9VgWOZbs3550QcJpPllIJLiX5YiSyvQ602Euf0:fE93jkbQcJvlIJLiJ7Syq00
                                                                                                                                                                                                                                                                  MD5:1C30CC7DF3BD168D883E93C593890B43
                                                                                                                                                                                                                                                                  SHA1:31465425F349DAE4EDAC9D0FEABC23CE83400807
                                                                                                                                                                                                                                                                  SHA-256:6435C679A3A3FF4F16708EBC43F7CA62456C110AC1EA94F617D8052C90C143C7
                                                                                                                                                                                                                                                                  SHA-512:267A1807298797B190888F769D998357B183526DFCB25A6F1413E64C5DCCF87F51424B7E5D6F2349D7A19381909AB23B138748D8D9F5858F7DC0552F5C5846AC
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):1394456
                                                                                                                                                                                                                                                                  Entropy (8bit):5.531698507573688
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
                                                                                                                                                                                                                                                                  MD5:A9CBD0455B46C7D14194D1F18CA8719E
                                                                                                                                                                                                                                                                  SHA1:E1B0C30BCCD9583949C247854F617AC8A14CBAC7
                                                                                                                                                                                                                                                                  SHA-256:DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
                                                                                                                                                                                                                                                                  SHA-512:B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):299427
                                                                                                                                                                                                                                                                  Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                                                                  MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                                                                  SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                                                                  SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                                                                  SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                                  Entropy (8bit):4.818583535960129
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:96:Mvs10hZd9D74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFCCQAADo+cX6m:MXv9XFCk2z1/t12iwU5usJFuCyPcqgE
                                                                                                                                                                                                                                                                  MD5:56FE4F6C7E88212161F49E823CCC989A
                                                                                                                                                                                                                                                                  SHA1:16D5CBC5F289AD90AEAA4FF7CB828627AC6D4ACF
                                                                                                                                                                                                                                                                  SHA-256:002697227449B6D69026D149CFB220AC85D83B13056C8AA6B9DAC3FD3B76CAA4
                                                                                                                                                                                                                                                                  SHA-512:7C9D09CF9503F73E6F03D30E54DBB50606A86D09B37302DD72238880C000AE2B64C99027106BA340753691D67EC77B3C6E5004504269508F566BDB5E13615F1E
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):124928
                                                                                                                                                                                                                                                                  Entropy (8bit):5.953784637413928
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:3072:JDE+0ov6ojgN3qN8h51Zlh+YW5E38vCsmLS:JdefPZE2ICDLS
                                                                                                                                                                                                                                                                  MD5:10116447F9276F10664BA85A5614BA3A
                                                                                                                                                                                                                                                                  SHA1:EFD761A3E6D14E897D37AFB0C7317C797F7AE1D6
                                                                                                                                                                                                                                                                  SHA-256:C393098E7803ABF08EE8F7381AD7B0F8FAFFBF66319C05D72823308E898F8CFC
                                                                                                                                                                                                                                                                  SHA-512:C04461E52B7FE92D108CBDEB879B7A8553DD552D79C88DFA3F5D0036EED8D4B8C839C0BF2563BC0C796F8280ED2828CA84747CB781D2F26B44214FCA2091EAE4
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):5232408
                                                                                                                                                                                                                                                                  Entropy (8bit):5.940072183736028
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                                                                                                                                                                                                                  MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                                                                                                                                                                                                                  SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                                                                                                                                                                                                                  SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                                                                                                                                                                                                                  SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):39696
                                                                                                                                                                                                                                                                  Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                                                  MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                                                  SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                                                  SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                                                  SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):792856
                                                                                                                                                                                                                                                                  Entropy (8bit):5.57949182561317
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                                                                                                                                                                                                                  MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                                                                                                                                                                                                                  SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                                                                                                                                                                                                                  SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                                                                                                                                                                                                                  SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):67072
                                                                                                                                                                                                                                                                  Entropy (8bit):5.909456553599775
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
                                                                                                                                                                                                                                                                  MD5:49AC12A1F10AB93FAFAB064FD0523A63
                                                                                                                                                                                                                                                                  SHA1:3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
                                                                                                                                                                                                                                                                  SHA-256:BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
                                                                                                                                                                                                                                                                  SHA-512:1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):70416
                                                                                                                                                                                                                                                                  Entropy (8bit):6.1258200129869405
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:768:pQEotsskOv6pWVCB4p/uKlZPRQcFIc9qunV0Jku/YFI1Hu1wEBbCpVNyD6VdPxiD:/otssyKcunV8PjZIJy0i7SyWH1
                                                                                                                                                                                                                                                                  MD5:16855EBEF31C5B1EBE767F1C617645B3
                                                                                                                                                                                                                                                                  SHA1:315521F3A748ABFA35CD4D48E8DD09D0556D989B
                                                                                                                                                                                                                                                                  SHA-256:A5C6A329698490A035133433928D04368CE6285BB91A9D074FC285DE4C9A32A4
                                                                                                                                                                                                                                                                  SHA-512:C3957B3BD36B10C7AD6EA1FF3BC7BD65CDCEB3E6B4195A25D0649AA0DA179276CE170DA903D77B50A38FC3D5147A45BE32DBCFDBFBF76CC46301199C529ADEA4
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):6083856
                                                                                                                                                                                                                                                                  Entropy (8bit):6.126922729922386
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
                                                                                                                                                                                                                                                                  MD5:B9DE917B925DD246B709BB4233777EFD
                                                                                                                                                                                                                                                                  SHA1:775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
                                                                                                                                                                                                                                                                  SHA-256:0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
                                                                                                                                                                                                                                                                  SHA-512:F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):30992
                                                                                                                                                                                                                                                                  Entropy (8bit):6.554484610649281
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
                                                                                                                                                                                                                                                                  MD5:20831703486869B470006941B4D996F2
                                                                                                                                                                                                                                                                  SHA1:28851DFD43706542CD3EF1B88B5E2749562DFEE0
                                                                                                                                                                                                                                                                  SHA-256:78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
                                                                                                                                                                                                                                                                  SHA-512:4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):709904
                                                                                                                                                                                                                                                                  Entropy (8bit):5.861739047785334
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
                                                                                                                                                                                                                                                                  MD5:0902D299A2A487A7B0C2D75862B13640
                                                                                                                                                                                                                                                                  SHA1:04BCBD5A11861A03A0D323A8050A677C3A88BE13
                                                                                                                                                                                                                                                                  SHA-256:2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
                                                                                                                                                                                                                                                                  SHA-512:8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):1835008
                                                                                                                                                                                                                                                                  Entropy (8bit):4.4656462969950494
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:6144:qIXfpi67eLPU9skLmb0b49WSPKaJG8nAgejZMMhA2gX4WABl0uNbdwBCswSbt:fXD949WlLZMM6YFHV+t
                                                                                                                                                                                                                                                                  MD5:CB8B6FB79285C4E1F235D7B07CAA57DD
                                                                                                                                                                                                                                                                  SHA1:0617D7AC2343A22F676E0A8F430F0495F709FB11
                                                                                                                                                                                                                                                                  SHA-256:B20A387DA38AF9B9C2C618C0A4876A6CCB6DFC264BE756D4E79902575DDC4D70
                                                                                                                                                                                                                                                                  SHA-512:C2EDEC51247C68908DE2AD3441C268701601DCF863859DE13EE5CCAF88C5599F169F8E80B60467368438828F7113D8545DF75484FA54101F347C5DC29274B744
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                  Entropy (8bit):7.995838779111548
                                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                                  • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                                                  • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                  File name:y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                  File size:38'750'516 bytes
                                                                                                                                                                                                                                                                  MD5:a243fe9d1cfb5bf4e5c21c6e4861e09c
                                                                                                                                                                                                                                                                  SHA1:41e893ae4232e1a36346daa0238d77e6d8ccbf92
                                                                                                                                                                                                                                                                  SHA256:49212837ba25c47f2e11e30a5de4b52c07bb6f6972b339705fbc3502af1eb880
                                                                                                                                                                                                                                                                  SHA512:c4eeccbb08ad4389b51daa2fbe54518331bb6003a028ed8f94169faa8a26f32c92dd8fe5c0b3aed2bacaab350704cca1358d18851916db009aa384c83d128b2d
                                                                                                                                                                                                                                                                  SSDEEP:786432:J+gX4BMdhwzTQXR5FbPp6FcSS5U/LT2KzVyPVLBdebXMb8VH/zEa:LXGMK4XR3bLSCU/+6yPl3ebcBa
                                                                                                                                                                                                                                                                  TLSH:06873300E5D409DEE5B22974F4F1528BD559F0EE4B72C3EB81B0025385B7BC09A6EA7B
                                                                                                                                                                                                                                                                  Icon Hash:4a464cd47461e179
                                                                                                                                                                                                                                                                  Entrypoint:0x14000cdb0
                                                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                  Time Stamp:0x67540C3A [Sat Dec 7 08:50:02 2024 UTC]
                                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                                  OS Version Major:6
                                                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                                                  File Version Major:6
                                                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                                                  Subsystem Version Major:6
                                                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                                                  Import Hash:72c4e339b7af8ab1ed2eb3821c98713a
                                                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                                  sub esp, 28h
                                                                                                                                                                                                                                                                  call 00007F896910DA6Ch
                                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                                  add esp, 28h
                                                                                                                                                                                                                                                                  jmp 00007F896910D68Fh
                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                  int3
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca5c | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0xf41c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2250 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0x764 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29f00 | 0x2a000 | 2a7ae207b6295492e9da088072661752 | False | 0.5514439174107143 | data | 6.487454925709845 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12a50 | 0x12c00 | 4fb8aca5c059a8f3f4452c232953797c | False | 0.5244661458333333 | data | 5.752629395476709 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x44000 | 0x2250 | 0x2400 | f5559f14427a02f0a5dbd0dd026cae54 | False | 0.470703125 | data | 5.291665041994019 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0xf41c | 0xf600 | 455788c285fcfdcb4008bc77e762818a | False | 0.803099593495935 | data | 7.5549760623589695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x57000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x47208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388
RT_ICON | 0x480b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098
RT_ICON | 0x48958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208
RT_ICON | 0x48ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757
RT_ICON | 0x523ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253
RT_ICON | 0x54994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017
RT_ICON | 0x55a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638
RT_GROUP_ICON | 0x55ea4 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x55f0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857

DLL | Import
USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 10, 2024 06:53:51.662163019 CET | 49732 | 443 | 192.168.2.4 | 104.20.22.46 |
| Dec 10, 2024 06:53:51.662239075 CET | 443 | 49732 | 104.20.22.46 | 192.168.2.4 |
| Dec 10, 2024 06:53:51.662357092 CET | 49732 | 443 | 192.168.2.4 | 104.20.22.46 |
| Dec 10, 2024 06:53:51.666837931 CET | 49732 | 443 | 192.168.2.4 | 104.20.22.46 |
| Dec 10, 2024 06:53:51.666856050 CET | 443 | 49732 | 104.20.22.46 | 192.168.2.4 |
| Dec 10, 2024 06:53:52.894643068 CET | 443 | 49732 | 104.20.22.46 | 192.168.2.4 |
| Dec 10, 2024 06:53:52.895378113 CET | 49732 | 443 | 192.168.2.4 | 104.20.22.46 |
| Dec 10, 2024 06:53:52.895412922 CET | 443 | 49732 | 104.20.22.46 | 192.168.2.4 |
| Dec 10, 2024 06:53:52.896919966 CET | 443 | 49732 | 104.20.22.46 | 192.168.2.4 |
| Dec 10, 2024 06:53:52.896986961 CET | 49732 | 443 | 192.168.2.4 | 104.20.22.46 |
| Dec 10, 2024 06:53:52.898778915 CET | 49732 | 443 | 192.168.2.4 | 104.20.22.46 |
| Dec 10, 2024 06:53:52.898948908 CET | 49732 | 443 | 192.168.2.4 | 104.20.22.46 |
| Dec 10, 2024 06:53:52.898957968 CET | 443 | 49732 | 104.20.22.46 | 192.168.2.4 |
| Dec 10, 2024 06:53:52.899033070 CET | 49732 | 443 | 192.168.2.4 | 104.20.22.46 |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 10, 2024 06:53:51.348277092 CET | 60893 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 10, 2024 06:53:51.659749031 CET | 53 | 60893 | 1.1.1.1 | 192.168.2.4 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 10, 2024 06:53:51.348277092 CET | 192.168.2.4 | 1.1.1.1 | 0xab7d | Standard query (0) | nodejs.org | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 10, 2024 06:53:51.659749031 CET | 1.1.1.1 | 192.168.2.4 | 0xab7d | No error (0) | nodejs.org | | 104.20.22.46 | A (IP address) | IN (0x0001) | false |
| Dec 10, 2024 06:53:51.659749031 CET | 1.1.1.1 | 192.168.2.4 | 0xab7d | No error (0) | nodejs.org | | 104.20.23.46 | A (IP address) | IN (0x0001) | false |


Target ID: 0
Start time: 00:53:34
Start date: 10/12/2024
Path: C:\Users\user\Desktop\y3x8pjQ1Ci.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\y3x8pjQ1Ci.exe"
Imagebase: 0x7ff769d80000
File size: 38'750'516 bytes
MD5 hash: A243FE9D1CFB5BF4E5C21C6E4861E09C
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 1
Start time: 00:53:39
Start date: 10/12/2024
Path: C:\Users\user\Desktop\y3x8pjQ1Ci.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\y3x8pjQ1Ci.exe"
Imagebase: 0x7ff769d80000
File size: 38'750'516 bytes
MD5 hash: A243FE9D1CFB5BF4E5C21C6E4861E09C
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 00:53:48
Start date: 10/12/2024
Path: C:\Windows\System32\systeminfo.exe
Wow64 process (32bit): false
Commandline: systeminfo
Imagebase: 0x7ff61f9d0000
File size: 110'080 bytes
MD5 hash: EE309A9C61511E907D87B10EF226FDCD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate
Has exited: true

Target ID: 3
Start time: 00:53:48
Start date: 10/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 4
Start time: 00:53:49
Start date: 10/12/2024
Path: C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase: 0x7ff693ab0000
File size: 496'640 bytes
MD5 hash: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges: true
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 5
Start time: 00:53:49
Start date: 10/12/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Imagebase: 0x7ff6ada30000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

                                                                                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                                                                                  Start time:00:53:49
                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                                                                  Start time:00:53:49
                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                  Commandline:wmic computersystem get manufacturer
                                                                                                                                                                                                                                                                  Imagebase:0x7ff6c6d30000
                                                                                                                                                                                                                                                                  File size:576'000 bytes
                                                                                                                                                                                                                                                                  MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                                                                                  Start time:00:53:55
                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 7356 -s 940
                                                                                                                                                                                                                                                                  Imagebase:0x7ff7995a0000
                                                                                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                  Has exited:true

Execution Graph

Execution Coverage:10.4%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:19.6%
Total number of Nodes:2000
Total number of Limit Nodes:76
7ff769d92b80 17693->17766 17697 7ff769d939e6 17696->17697 17698 7ff769d93a57 17696->17698 17701 7ff769d93a81 17697->17701 17702 7ff769d939ec 17697->17702 17699 7ff769d93ab0 17698->17699 17700 7ff769d93a5c 17698->17700 17708 7ff769d93ac7 17699->17708 17709 7ff769d93aba 17699->17709 17714 7ff769d93abf 17699->17714 17703 7ff769d93a91 17700->17703 17704 7ff769d93a5e 17700->17704 17789 7ff769d91d54 17701->17789 17705 7ff769d93a20 17702->17705 17706 7ff769d939f1 17702->17706 17796 7ff769d91944 17703->17796 17707 7ff769d93a00 17704->17707 17717 7ff769d93a6d 17704->17717 17711 7ff769d939f7 17705->17711 17705->17714 17706->17708 17706->17711 17727 7ff769d93af0 17707->17727 17769 7ff769d94158 17707->17769 17803 7ff769d946ac 17708->17803 17709->17701 17709->17714 17711->17707 17716 7ff769d93a32 17711->17716 17725 7ff769d93a1b 17711->17725 17714->17727 17807 7ff769d92164 17714->17807 17716->17727 17779 7ff769d94494 17716->17779 17717->17701 17719 7ff769d93a72 17717->17719 17719->17727 17785 7ff769d94558 17719->17785 17721 7ff769d8c550 _log10_special 8 API calls 17722 7ff769d93dea 17721->17722 17722->17693 17725->17727 17728 7ff769d93cdc 17725->17728 17814 7ff769d947c0 17725->17814 17727->17721 17728->17727 17820 7ff769d9ea08 17728->17820 17730 7ff769d93414 17729->17730 17731 7ff769d933fe 17729->17731 17732 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 17730->17732 17733 7ff769d93454 17730->17733 17731->17733 17734 7ff769d939e6 17731->17734 17735 7ff769d93a57 17731->17735 17732->17733 17733->17693 17738 7ff769d93a81 17734->17738 17739 7ff769d939ec 17734->17739 17736 7ff769d93ab0 17735->17736 17737 7ff769d93a5c 17735->17737 17745 7ff769d93ac7 17736->17745 17746 7ff769d93aba 17736->17746 17751 7ff769d93abf 17736->17751 17740 7ff769d93a91 17737->17740 17741 7ff769d93a5e 17737->17741 17747 7ff769d91d54 38 API calls 17738->17747 17742 7ff769d93a20 17739->17742 17743 7ff769d939f1 17739->17743 17749 7ff769d91944 38 API calls 17740->17749 17744 7ff769d93a00 17741->17744 17755 
7ff769d93a6d 17741->17755 17748 7ff769d939f7 17742->17748 17742->17751 17743->17745 17743->17748 17750 7ff769d94158 47 API calls 17744->17750 17765 7ff769d93af0 17744->17765 17752 7ff769d946ac 45 API calls 17745->17752 17746->17738 17746->17751 17761 7ff769d93a1b 17747->17761 17748->17744 17753 7ff769d93a32 17748->17753 17748->17761 17749->17761 17750->17761 17754 7ff769d92164 38 API calls 17751->17754 17751->17765 17752->17761 17756 7ff769d94494 46 API calls 17753->17756 17753->17765 17754->17761 17755->17738 17757 7ff769d93a72 17755->17757 17756->17761 17760 7ff769d94558 37 API calls 17757->17760 17757->17765 17758 7ff769d8c550 _log10_special 8 API calls 17759 7ff769d93dea 17758->17759 17759->17693 17760->17761 17762 7ff769d947c0 45 API calls 17761->17762 17764 7ff769d93cdc 17761->17764 17761->17765 17762->17764 17763 7ff769d9ea08 46 API calls 17763->17764 17764->17763 17764->17765 17765->17758 17986 7ff769d90fc8 17766->17986 17770 7ff769d9417e 17769->17770 17832 7ff769d90b80 17770->17832 17775 7ff769d947c0 45 API calls 17776 7ff769d942c3 17775->17776 17777 7ff769d947c0 45 API calls 17776->17777 17778 7ff769d94351 17776->17778 17777->17778 17778->17725 17781 7ff769d944c9 17779->17781 17780 7ff769d9450e 17780->17725 17781->17780 17782 7ff769d944e7 17781->17782 17783 7ff769d947c0 45 API calls 17781->17783 17784 7ff769d9ea08 46 API calls 17782->17784 17783->17782 17784->17780 17788 7ff769d94579 17785->17788 17786 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 17787 7ff769d945aa 17786->17787 17787->17725 17788->17786 17788->17787 17790 7ff769d91d87 17789->17790 17791 7ff769d91db6 17790->17791 17793 7ff769d91e73 17790->17793 17795 7ff769d91df3 17791->17795 17959 7ff769d90c28 17791->17959 17794 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 17793->17794 17794->17795 17795->17725 17797 7ff769d91977 17796->17797 17798 7ff769d919a6 17797->17798 17800 7ff769d91a63 17797->17800 17799 7ff769d90c28 12 API calls 17798->17799 17802 7ff769d919e3 17798->17802 
17799->17802 17801 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 17800->17801 17801->17802 17802->17725 17804 7ff769d946ef 17803->17804 17806 7ff769d946f3 __crtLCMapStringW 17804->17806 17967 7ff769d94748 17804->17967 17806->17725 17808 7ff769d92197 17807->17808 17809 7ff769d921c6 17808->17809 17812 7ff769d92283 17808->17812 17810 7ff769d92203 17809->17810 17811 7ff769d90c28 12 API calls 17809->17811 17810->17725 17811->17810 17813 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 17812->17813 17813->17810 17815 7ff769d947d7 17814->17815 17971 7ff769d9d9b8 17815->17971 17821 7ff769d9ea39 17820->17821 17830 7ff769d9ea47 17820->17830 17822 7ff769d9ea67 17821->17822 17823 7ff769d947c0 45 API calls 17821->17823 17821->17830 17824 7ff769d9ea9f 17822->17824 17825 7ff769d9ea78 17822->17825 17823->17822 17827 7ff769d9eb2a 17824->17827 17828 7ff769d9eac9 17824->17828 17824->17830 17979 7ff769da00a0 17825->17979 17829 7ff769d9f8a0 _fread_nolock MultiByteToWideChar 17827->17829 17828->17830 17831 7ff769d9f8a0 _fread_nolock MultiByteToWideChar 17828->17831 17829->17830 17830->17728 17831->17830 17833 7ff769d90bb7 17832->17833 17839 7ff769d90ba6 17832->17839 17834 7ff769d9d5fc _fread_nolock 12 API calls 17833->17834 17833->17839 17835 7ff769d90be4 17834->17835 17836 7ff769d90bf8 17835->17836 17837 7ff769d9a948 __free_lconv_num 11 API calls 17835->17837 17838 7ff769d9a948 __free_lconv_num 11 API calls 17836->17838 17837->17836 17838->17839 17840 7ff769d9e570 17839->17840 17841 7ff769d9e5c0 17840->17841 17842 7ff769d9e58d 17840->17842 17841->17842 17845 7ff769d9e5f2 17841->17845 17843 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 17842->17843 17844 7ff769d942a1 17843->17844 17844->17775 17844->17776 17850 7ff769d9e705 17845->17850 17854 7ff769d9e63a 17845->17854 17846 7ff769d9e7f7 17886 7ff769d9da5c 17846->17886 17848 7ff769d9e7bd 17879 7ff769d9ddf4 17848->17879 17850->17846 17850->17848 17851 7ff769d9e78c 17850->17851 17853 7ff769d9e74f 17850->17853 17856 
7ff769d9e745 17850->17856 17872 7ff769d9e0d4 17851->17872 17862 7ff769d9e304 17853->17862 17854->17844 17858 7ff769d9a4a4 __std_exception_copy 37 API calls 17854->17858 17856->17848 17857 7ff769d9e74a 17856->17857 17857->17851 17857->17853 17859 7ff769d9e6f2 17858->17859 17859->17844 17860 7ff769d9a900 _isindst 17 API calls 17859->17860 17861 7ff769d9e854 17860->17861 17895 7ff769da40ac 17862->17895 17866 7ff769d9e3ac 17867 7ff769d9e401 17866->17867 17869 7ff769d9e3cc 17866->17869 17871 7ff769d9e3b0 17866->17871 17948 7ff769d9def0 17867->17948 17944 7ff769d9e1ac 17869->17944 17871->17844 17873 7ff769da40ac 38 API calls 17872->17873 17874 7ff769d9e11e 17873->17874 17875 7ff769da3af4 37 API calls 17874->17875 17876 7ff769d9e16e 17875->17876 17877 7ff769d9e172 17876->17877 17878 7ff769d9e1ac 45 API calls 17876->17878 17877->17844 17878->17877 17880 7ff769da40ac 38 API calls 17879->17880 17881 7ff769d9de3f 17880->17881 17882 7ff769da3af4 37 API calls 17881->17882 17883 7ff769d9de97 17882->17883 17884 7ff769d9de9b 17883->17884 17885 7ff769d9def0 45 API calls 17883->17885 17884->17844 17885->17884 17887 7ff769d9daa1 17886->17887 17888 7ff769d9dad4 17886->17888 17889 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 17887->17889 17890 7ff769d9daec 17888->17890 17892 7ff769d9db6d 17888->17892 17894 7ff769d9dacd __scrt_get_show_window_mode 17889->17894 17891 7ff769d9ddf4 46 API calls 17890->17891 17891->17894 17893 7ff769d947c0 45 API calls 17892->17893 17892->17894 17893->17894 17894->17844 17896 7ff769da40ff fegetenv 17895->17896 17897 7ff769da7e2c 37 API calls 17896->17897 17902 7ff769da4152 17897->17902 17898 7ff769da417f 17901 7ff769d9a4a4 __std_exception_copy 37 API calls 17898->17901 17899 7ff769da4242 17900 7ff769da7e2c 37 API calls 17899->17900 17903 7ff769da426c 17900->17903 17905 7ff769da41fd 17901->17905 17902->17899 17906 7ff769da416d 17902->17906 17907 7ff769da421c 17902->17907 17904 7ff769da7e2c 37 API calls 17903->17904 17908 7ff769da427d 17904->17908 
17909 7ff769da5324 17905->17909 17914 7ff769da4205 17905->17914 17906->17898 17906->17899 17910 7ff769d9a4a4 __std_exception_copy 37 API calls 17907->17910 17911 7ff769da8020 20 API calls 17908->17911 17912 7ff769d9a900 _isindst 17 API calls 17909->17912 17910->17905 17923 7ff769da42e6 __scrt_get_show_window_mode 17911->17923 17913 7ff769da5339 17912->17913 17915 7ff769d8c550 _log10_special 8 API calls 17914->17915 17916 7ff769d9e351 17915->17916 17940 7ff769da3af4 17916->17940 17917 7ff769da468f __scrt_get_show_window_mode 17918 7ff769da49cf 17919 7ff769da3c10 37 API calls 17918->17919 17920 7ff769da50e7 17919->17920 17929 7ff769da533c memcpy_s 37 API calls 17920->17929 17939 7ff769da5142 17920->17939 17921 7ff769da497b 17921->17918 17921->17921 17924 7ff769da533c memcpy_s 37 API calls 17921->17924 17922 7ff769da4327 memcpy_s 17933 7ff769da4783 memcpy_s __scrt_get_show_window_mode 17922->17933 17936 7ff769da4c6b memcpy_s __scrt_get_show_window_mode 17922->17936 17923->17917 17923->17922 17925 7ff769d94f08 _get_daylight 11 API calls 17923->17925 17924->17918 17927 7ff769da4760 17925->17927 17926 7ff769da52c8 17932 7ff769da7e2c 37 API calls 17926->17932 17928 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 17927->17928 17928->17922 17929->17939 17930 7ff769d94f08 11 API calls _get_daylight 17930->17936 17931 7ff769d94f08 11 API calls _get_daylight 17931->17933 17932->17914 17933->17921 17933->17931 17937 7ff769d9a8e0 37 API calls _invalid_parameter_noinfo 17933->17937 17934 7ff769da3c10 37 API calls 17934->17939 17935 7ff769d9a8e0 37 API calls _invalid_parameter_noinfo 17935->17936 17936->17918 17936->17921 17936->17930 17936->17935 17937->17933 17938 7ff769da533c memcpy_s 37 API calls 17938->17939 17939->17926 17939->17934 17939->17938 17941 7ff769da3b13 17940->17941 17942 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 17941->17942 17943 7ff769da3b3e memcpy_s 17941->17943 17942->17943 17943->17866 17945 7ff769d9e1d8 memcpy_s 17944->17945 17945->17945 17946 
7ff769d947c0 45 API calls 17945->17946 17947 7ff769d9e292 memcpy_s __scrt_get_show_window_mode 17945->17947 17946->17947 17947->17871 17949 7ff769d9df2b 17948->17949 17953 7ff769d9df78 memcpy_s 17948->17953 17950 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 17949->17950 17951 7ff769d9df57 17950->17951 17951->17871 17952 7ff769d9dfe3 17954 7ff769d9a4a4 __std_exception_copy 37 API calls 17952->17954 17953->17952 17955 7ff769d947c0 45 API calls 17953->17955 17958 7ff769d9e025 memcpy_s 17954->17958 17955->17952 17956 7ff769d9a900 _isindst 17 API calls 17957 7ff769d9e0d0 17956->17957 17958->17956 17960 7ff769d90c5f 17959->17960 17966 7ff769d90c4e 17959->17966 17961 7ff769d9d5fc _fread_nolock 12 API calls 17960->17961 17960->17966 17963 7ff769d90c90 17961->17963 17962 7ff769d90ca4 17965 7ff769d9a948 __free_lconv_num 11 API calls 17962->17965 17963->17962 17964 7ff769d9a948 __free_lconv_num 11 API calls 17963->17964 17964->17962 17965->17966 17966->17795 17968 7ff769d94766 17967->17968 17969 7ff769d9476e 17967->17969 17970 7ff769d947c0 45 API calls 17968->17970 17969->17806 17970->17969 17972 7ff769d9d9d1 17971->17972 17974 7ff769d947ff 17971->17974 17973 7ff769da3304 45 API calls 17972->17973 17972->17974 17973->17974 17975 7ff769d9da24 17974->17975 17976 7ff769d9da3d 17975->17976 17978 7ff769d9480f 17975->17978 17977 7ff769da2650 45 API calls 17976->17977 17976->17978 17977->17978 17978->17728 17982 7ff769da6d88 17979->17982 17984 7ff769da6dec 17982->17984 17983 7ff769d8c550 _log10_special 8 API calls 17985 7ff769da00bd 17983->17985 17984->17983 17985->17830 17987 7ff769d9100f 17986->17987 17988 7ff769d90ffd 17986->17988 17990 7ff769d9101d 17987->17990 17995 7ff769d91059 17987->17995 17989 7ff769d94f08 _get_daylight 11 API calls 17988->17989 17991 7ff769d91002 17989->17991 17992 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 17990->17992 17993 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 17991->17993 18000 7ff769d9100d 17992->18000 17993->18000 17994 
7ff769d913d5 17996 7ff769d94f08 _get_daylight 11 API calls 17994->17996 17994->18000 17995->17994 17997 7ff769d94f08 _get_daylight 11 API calls 17995->17997 17998 7ff769d91669 17996->17998 17999 7ff769d913ca 17997->17999 18001 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 17998->18001 18002 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 17999->18002 18000->17693 18001->18000 18002->17994 18004 7ff769d90704 18003->18004 18031 7ff769d90464 18004->18031 18006 7ff769d9071d 18006->17346 18043 7ff769d903bc 18007->18043 18011 7ff769d8c850 18010->18011 18012 7ff769d82930 GetCurrentProcessId 18011->18012 18013 7ff769d81c80 49 API calls 18012->18013 18014 7ff769d82979 18013->18014 18057 7ff769d94984 18014->18057 18019 7ff769d81c80 49 API calls 18020 7ff769d829ff 18019->18020 18087 7ff769d82620 18020->18087 18023 7ff769d8c550 _log10_special 8 API calls 18024 7ff769d82a31 18023->18024 18024->17385 18026 7ff769d90119 18025->18026 18027 7ff769d81b89 18025->18027 18028 7ff769d94f08 _get_daylight 11 API calls 18026->18028 18027->17384 18027->17385 18029 7ff769d9011e 18028->18029 18030 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 18029->18030 18030->18027 18032 7ff769d904ce 18031->18032 18033 7ff769d9048e 18031->18033 18032->18033 18034 7ff769d904da 18032->18034 18035 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 18033->18035 18042 7ff769d9546c EnterCriticalSection 18034->18042 18037 7ff769d904b5 18035->18037 18037->18006 18044 7ff769d81a20 18043->18044 18045 7ff769d903e6 18043->18045 18044->17354 18044->17355 18045->18044 18046 7ff769d90432 18045->18046 18047 7ff769d903f5 __scrt_get_show_window_mode 18045->18047 18056 7ff769d9546c EnterCriticalSection 18046->18056 18049 7ff769d94f08 _get_daylight 11 API calls 18047->18049 18051 7ff769d9040a 18049->18051 18053 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 18051->18053 18053->18044 18060 7ff769d949de 18057->18060 18058 7ff769d94a03 18061 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 18058->18061 
18059 7ff769d94a3f 18096 7ff769d92c10 18059->18096 18060->18058 18060->18059 18063 7ff769d94a2d 18061->18063 18065 7ff769d8c550 _log10_special 8 API calls 18063->18065 18068 7ff769d829c3 18065->18068 18066 7ff769d9a948 __free_lconv_num 11 API calls 18066->18063 18067 7ff769d94b1c 18067->18066 18075 7ff769d95160 18068->18075 18069 7ff769d94b40 18069->18067 18072 7ff769d94b4a 18069->18072 18070 7ff769d94af1 18073 7ff769d9a948 __free_lconv_num 11 API calls 18070->18073 18071 7ff769d94ae8 18071->18067 18071->18070 18074 7ff769d9a948 __free_lconv_num 11 API calls 18072->18074 18073->18063 18074->18063 18076 7ff769d9b2c8 _get_daylight 11 API calls 18075->18076 18077 7ff769d95177 18076->18077 18078 7ff769d9eb98 _get_daylight 11 API calls 18077->18078 18079 7ff769d951b7 18077->18079 18084 7ff769d829e5 18077->18084 18080 7ff769d951ac 18078->18080 18079->18084 18231 7ff769d9ec20 18079->18231 18081 7ff769d9a948 __free_lconv_num 11 API calls 18080->18081 18081->18079 18084->18019 18085 7ff769d9a900 _isindst 17 API calls 18086 7ff769d951fc 18085->18086 18088 7ff769d8262f 18087->18088 18089 7ff769d89390 2 API calls 18088->18089 18090 7ff769d82660 18089->18090 18091 7ff769d82683 MessageBoxA 18090->18091 18092 7ff769d8266f MessageBoxW 18090->18092 18093 7ff769d82690 18091->18093 18092->18093 18094 7ff769d8c550 _log10_special 8 API calls 18093->18094 18095 7ff769d826a0 18094->18095 18095->18023 18097 7ff769d92c4e 18096->18097 18098 7ff769d92c3e 18096->18098 18099 7ff769d92c57 18097->18099 18108 7ff769d92c85 18097->18108 18101 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 18098->18101 18102 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 18099->18102 18100 7ff769d92c7d 18100->18067 18100->18069 18100->18070 18100->18071 18101->18100 18102->18100 18103 7ff769d947c0 45 API calls 18103->18108 18105 7ff769d92f34 18107 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 18105->18107 18107->18098 18108->18098 18108->18100 18108->18103 18108->18105 18110 7ff769d935a0 18108->18110 
18136 7ff769d93268 18108->18136 18166 7ff769d92af0 18108->18166 18111 7ff769d935e2 18110->18111 18112 7ff769d93655 18110->18112 18113 7ff769d9367f 18111->18113 18114 7ff769d935e8 18111->18114 18115 7ff769d936af 18112->18115 18116 7ff769d9365a 18112->18116 18183 7ff769d91b50 18113->18183 18123 7ff769d935ed 18114->18123 18127 7ff769d936be 18114->18127 18115->18113 18115->18127 18134 7ff769d93618 18115->18134 18117 7ff769d9368f 18116->18117 18118 7ff769d9365c 18116->18118 18190 7ff769d91740 18117->18190 18120 7ff769d935fd 18118->18120 18126 7ff769d9366b 18118->18126 18135 7ff769d936ed 18120->18135 18169 7ff769d93f04 18120->18169 18123->18120 18125 7ff769d93630 18123->18125 18123->18134 18125->18135 18179 7ff769d943c0 18125->18179 18126->18113 18129 7ff769d93670 18126->18129 18127->18135 18197 7ff769d91f60 18127->18197 18131 7ff769d94558 37 API calls 18129->18131 18129->18135 18130 7ff769d8c550 _log10_special 8 API calls 18132 7ff769d93983 18130->18132 18131->18134 18132->18108 18134->18135 18204 7ff769d9e858 18134->18204 18135->18130 18137 7ff769d93273 18136->18137 18138 7ff769d93289 18136->18138 18139 7ff769d935e2 18137->18139 18140 7ff769d93655 18137->18140 18142 7ff769d932c7 18137->18142 18141 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 18138->18141 18138->18142 18143 7ff769d9367f 18139->18143 18144 7ff769d935e8 18139->18144 18145 7ff769d936af 18140->18145 18146 7ff769d9365a 18140->18146 18141->18142 18142->18108 18149 7ff769d91b50 38 API calls 18143->18149 18153 7ff769d935ed 18144->18153 18157 7ff769d936be 18144->18157 18145->18143 18145->18157 18164 7ff769d93618 18145->18164 18147 7ff769d9368f 18146->18147 18148 7ff769d9365c 18146->18148 18151 7ff769d91740 38 API calls 18147->18151 18150 7ff769d935fd 18148->18150 18155 7ff769d9366b 18148->18155 18149->18164 18152 7ff769d93f04 47 API calls 18150->18152 18165 7ff769d936ed 18150->18165 18151->18164 18152->18164 18153->18150 18156 7ff769d93630 18153->18156 18153->18164 18154 7ff769d91f60 38 API calls 
18154->18164 18155->18143 18159 7ff769d93670 18155->18159 18158 7ff769d943c0 47 API calls 18156->18158 18156->18165 18157->18154 18157->18165 18158->18164 18161 7ff769d94558 37 API calls 18159->18161 18159->18165 18160 7ff769d8c550 _log10_special 8 API calls 18162 7ff769d93983 18160->18162 18161->18164 18162->18108 18163 7ff769d9e858 47 API calls 18163->18164 18164->18163 18164->18165 18165->18160 18214 7ff769d90d14 18166->18214 18170 7ff769d93f26 18169->18170 18171 7ff769d90b80 12 API calls 18170->18171 18172 7ff769d93f6e 18171->18172 18173 7ff769d9e570 46 API calls 18172->18173 18174 7ff769d94041 18173->18174 18175 7ff769d94063 18174->18175 18176 7ff769d947c0 45 API calls 18174->18176 18177 7ff769d947c0 45 API calls 18175->18177 18178 7ff769d940ec 18175->18178 18176->18175 18177->18178 18178->18134 18180 7ff769d943d8 18179->18180 18182 7ff769d94440 18179->18182 18181 7ff769d9e858 47 API calls 18180->18181 18180->18182 18181->18182 18182->18134 18184 7ff769d91b83 18183->18184 18185 7ff769d91bb2 18184->18185 18187 7ff769d91c6f 18184->18187 18186 7ff769d90b80 12 API calls 18185->18186 18189 7ff769d91bef 18185->18189 18186->18189 18188 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 18187->18188 18188->18189 18189->18134 18191 7ff769d91773 18190->18191 18192 7ff769d917a2 18191->18192 18194 7ff769d9185f 18191->18194 18193 7ff769d90b80 12 API calls 18192->18193 18196 7ff769d917df 18192->18196 18193->18196 18195 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 18194->18195 18195->18196 18196->18134 18198 7ff769d91f93 18197->18198 18199 7ff769d91fc2 18198->18199 18201 7ff769d9207f 18198->18201 18200 7ff769d90b80 12 API calls 18199->18200 18203 7ff769d91fff 18199->18203 18200->18203 18202 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 18201->18202 18202->18203 18203->18134 18205 7ff769d9e880 18204->18205 18206 7ff769d9e8c5 18205->18206 18207 7ff769d947c0 45 API calls 18205->18207 18209 7ff769d9e885 __scrt_get_show_window_mode 18205->18209 18213 7ff769d9e8ae 
__scrt_get_show_window_mode 18205->18213 18206->18209 18210 7ff769da07e8 WideCharToMultiByte 18206->18210 18206->18213 18207->18206 18208 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 18208->18209 18209->18134 18211 7ff769d9e9a1 18210->18211 18211->18209 18212 7ff769d9e9b6 GetLastError 18211->18212 18212->18209 18212->18213 18213->18208 18213->18209 18215 7ff769d90d41 18214->18215 18216 7ff769d90d53 18214->18216 18217 7ff769d94f08 _get_daylight 11 API calls 18215->18217 18219 7ff769d90d60 18216->18219 18222 7ff769d90d9d 18216->18222 18218 7ff769d90d46 18217->18218 18220 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 18218->18220 18221 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 18219->18221 18226 7ff769d90d51 18220->18226 18221->18226 18223 7ff769d90e46 18222->18223 18224 7ff769d94f08 _get_daylight 11 API calls 18222->18224 18225 7ff769d94f08 _get_daylight 11 API calls 18223->18225 18223->18226 18227 7ff769d90e3b 18224->18227 18228 7ff769d90ef0 18225->18228 18226->18108 18229 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 18227->18229 18230 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 18228->18230 18229->18223 18230->18226 18236 7ff769d9ec3d 18231->18236 18232 7ff769d9ec42 18233 7ff769d951dd 18232->18233 18234 7ff769d94f08 _get_daylight 11 API calls 18232->18234 18233->18084 18233->18085 18235 7ff769d9ec4c 18234->18235 18237 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 18235->18237 18236->18232 18236->18233 18238 7ff769d9ec8c 18236->18238 18237->18233 18238->18233 18239 7ff769d94f08 _get_daylight 11 API calls 18238->18239 18239->18235 18241 7ff769d98245 18240->18241 18242 7ff769d98258 18240->18242 18243 7ff769d94f08 _get_daylight 11 API calls 18241->18243 18250 7ff769d97ebc 18242->18250 18245 7ff769d9824a 18243->18245 18247 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 18245->18247 18248 7ff769d98256 18247->18248 18248->17405 18257 7ff769da02d8 EnterCriticalSection 18250->18257 18259 7ff769d885b1 GetTokenInformation 
18258->18259 18260 7ff769d88633 __vcrt_freefls 18258->18260 18261 7ff769d885d2 GetLastError 18259->18261 18262 7ff769d885dd 18259->18262 18263 7ff769d88646 CloseHandle 18260->18263 18264 7ff769d8864c 18260->18264 18261->18260 18261->18262 18262->18260 18265 7ff769d885f9 GetTokenInformation 18262->18265 18263->18264 18264->17410 18265->18260 18266 7ff769d8861c 18265->18266 18266->18260 18267 7ff769d88626 ConvertSidToStringSidW 18266->18267 18267->18260 18269 7ff769d8c850 18268->18269 18270 7ff769d82b74 GetCurrentProcessId 18269->18270 18271 7ff769d826b0 48 API calls 18270->18271 18272 7ff769d82bc7 18271->18272 18273 7ff769d94bd8 48 API calls 18272->18273 18274 7ff769d82c10 MessageBoxW 18273->18274 18275 7ff769d8c550 _log10_special 8 API calls 18274->18275 18276 7ff769d82c40 18275->18276 18276->17420 18278 7ff769d825e5 18277->18278 18279 7ff769d94bd8 48 API calls 18278->18279 18280 7ff769d82604 18279->18280 18280->17436 18316 7ff769d98794 18281->18316 18285 7ff769d881dc 18284->18285 18286 7ff769d89390 2 API calls 18285->18286 18287 7ff769d881fb 18286->18287 18288 7ff769d88203 18287->18288 18289 7ff769d88216 ExpandEnvironmentStringsW 18287->18289 18290 7ff769d82810 49 API calls 18288->18290 18291 7ff769d8823c __vcrt_freefls 18289->18291 18315 7ff769d8820f __vcrt_freefls 18290->18315 18292 7ff769d88240 18291->18292 18293 7ff769d88253 18291->18293 18295 7ff769d82810 49 API calls 18292->18295 18297 7ff769d882bf 18293->18297 18294 7ff769d8c550 _log10_special 8 API calls 18295->18315 18315->18294 18357 7ff769da1558 18316->18357 18416 7ff769da12d0 18357->18416 18437 7ff769da02d8 EnterCriticalSection 18416->18437 18447 7ff769d8456a 18446->18447 18448 7ff769d89390 2 API calls 18447->18448 18449 7ff769d8458f 18448->18449 18450 7ff769d8c550 _log10_special 8 API calls 18449->18450 18451 7ff769d845b7 18450->18451 18451->17473 18454 7ff769d87e2e 18452->18454 18453 7ff769d87f52 18457 7ff769d8c550 _log10_special 8 API calls 18453->18457 18454->18453 18455 7ff769d81c80 49 API calls 
18454->18455 18456 7ff769d87eb5 18455->18456 18456->18453 18459 7ff769d81c80 49 API calls 18456->18459 18460 7ff769d84560 10 API calls 18456->18460 18461 7ff769d89390 2 API calls 18456->18461 18458 7ff769d87f83 18457->18458 18458->17473 18459->18456 18460->18456 18462 7ff769d87f23 CreateDirectoryW 18461->18462 18462->18453 18462->18456 18464 7ff769d81637 18463->18464 18465 7ff769d81613 18463->18465 18466 7ff769d845c0 108 API calls 18464->18466 18584 7ff769d81050 18465->18584 18469 7ff769d8164b 18466->18469 18468 7ff769d81618 18470 7ff769d8162e 18468->18470 18473 7ff769d82710 54 API calls 18468->18473 18471 7ff769d81653 18469->18471 18472 7ff769d81682 18469->18472 18470->17473 18474 7ff769d94f08 _get_daylight 11 API calls 18471->18474 18475 7ff769d845c0 108 API calls 18472->18475 18473->18470 18476 7ff769d81658 18474->18476 18477 7ff769d81696 18475->18477 18478 7ff769d82910 54 API calls 18476->18478 18479 7ff769d8169e 18477->18479 18480 7ff769d816b8 18477->18480 18483 7ff769d81671 18478->18483 18481 7ff769d82710 54 API calls 18479->18481 18482 7ff769d906d4 73 API calls 18480->18482 18484 7ff769d816ae 18481->18484 18485 7ff769d816cd 18482->18485 18483->17473 18488 7ff769d9004c 74 API calls 18484->18488 18486 7ff769d816f9 18485->18486 18487 7ff769d816d1 18485->18487 18512 7ff769d8718b 18511->18512 18514 7ff769d87144 18511->18514 18512->17473 18514->18512 18648 7ff769d95024 18514->18648 18516 7ff769d841a1 18515->18516 18517 7ff769d844e0 49 API calls 18516->18517 18518 7ff769d841db 18517->18518 18519 7ff769d844e0 49 API calls 18518->18519 18520 7ff769d841eb 18519->18520 18521 7ff769d8420d 18520->18521 18522 7ff769d8423c 18520->18522 18663 7ff769d84110 18521->18663 18524 7ff769d84110 51 API calls 18522->18524 18525 7ff769d8423a 18524->18525 18526 7ff769d8429c 18525->18526 18527 7ff769d84267 18525->18527 18560 7ff769d81c80 49 API calls 18559->18560 18561 7ff769d84474 18560->18561 18561->17473 18585 7ff769d845c0 108 API calls 18584->18585 18586 7ff769d8108c 18585->18586 
18587 7ff769d810a9 18586->18587 18588 7ff769d81094 18586->18588 18589 7ff769d906d4 73 API calls 18587->18589 18590 7ff769d82710 54 API calls 18588->18590 18591 7ff769d810bf 18589->18591 18596 7ff769d810a4 __vcrt_freefls 18590->18596 18592 7ff769d810e6 18591->18592 18593 7ff769d810c3 18591->18593 18598 7ff769d810f7 18592->18598 18599 7ff769d81122 18592->18599 18594 7ff769d94f08 _get_daylight 11 API calls 18593->18594 18595 7ff769d810c8 18594->18595 18596->18468 18602 7ff769d94f08 _get_daylight 11 API calls 18598->18602 18600 7ff769d8113c 18599->18600 18601 7ff769d81129 18599->18601 18649 7ff769d95031 18648->18649 18650 7ff769d9505e 18648->18650 18652 7ff769d94f08 _get_daylight 11 API calls 18649->18652 18659 7ff769d94fe8 18649->18659 18651 7ff769d95081 18650->18651 18654 7ff769d9509d 18650->18654 18653 7ff769d94f08 _get_daylight 11 API calls 18651->18653 18655 7ff769d9503b 18652->18655 18656 7ff769d95086 18653->18656 18657 7ff769d94f4c 45 API calls 18654->18657 18658 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 18655->18658 18660 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 18656->18660 18662 7ff769d95091 18657->18662 18661 7ff769d95046 18658->18661 18659->18514 18660->18662 18661->18514 18662->18514 18664 7ff769d84136 18663->18664 18665 7ff769d94984 49 API calls 18664->18665 18666 7ff769d8415c 18665->18666 18727 7ff769d95ec8 18726->18727 18728 7ff769d95eee 18727->18728 18730 7ff769d95f21 18727->18730 18729 7ff769d94f08 _get_daylight 11 API calls 18728->18729 18731 7ff769d95ef3 18729->18731 18732 7ff769d95f34 18730->18732 18733 7ff769d95f27 18730->18733 18734 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 18731->18734 18745 7ff769d9ac28 18732->18745 18735 7ff769d94f08 _get_daylight 11 API calls 18733->18735 18737 7ff769d84616 18734->18737 18735->18737 18737->17498 18758 7ff769da02d8 EnterCriticalSection 18745->18758 19118 7ff769d978f8 19117->19118 19121 7ff769d973d4 19118->19121 19120 7ff769d97911 19120->17506 19122 7ff769d973ef 19121->19122 19123 
7ff769d9741e 19121->19123 19124 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 19122->19124 19131 7ff769d9546c EnterCriticalSection 19123->19131 19126 7ff769d9740f 19124->19126 19126->19120 19133 7ff769d8fe71 19132->19133 19134 7ff769d8fe43 19132->19134 19138 7ff769d8fe63 19133->19138 19142 7ff769d9546c EnterCriticalSection 19133->19142 19135 7ff769d9a814 _invalid_parameter_noinfo 37 API calls 19134->19135 19135->19138 19138->17512 19144 7ff769d845c0 108 API calls 19143->19144 19145 7ff769d81493 19144->19145 19146 7ff769d814bc 19145->19146 19147 7ff769d8149b 19145->19147 19149 7ff769d906d4 73 API calls 19146->19149 19148 7ff769d82710 54 API calls 19147->19148 19150 7ff769d814ab 19148->19150 19151 7ff769d814d1 19149->19151 19150->17538 19152 7ff769d814f8 19151->19152 19153 7ff769d814d5 19151->19153 19250 7ff769d86375 19249->19250 19251 7ff769d81c80 49 API calls 19250->19251 19252 7ff769d863b1 19251->19252 19253 7ff769d863dd 19252->19253 19254 7ff769d863ba 19252->19254 19256 7ff769d84630 49 API calls 19253->19256 19255 7ff769d82710 54 API calls 19254->19255 19279 7ff769d863d3 19255->19279 19257 7ff769d863f5 19256->19257 19258 7ff769d86413 19257->19258 19259 7ff769d82710 54 API calls 19257->19259 19260 7ff769d84560 10 API calls 19258->19260 19259->19258 19262 7ff769d8641d 19260->19262 19261 7ff769d8c550 _log10_special 8 API calls 19263 7ff769d8336e 19261->19263 19263->17612 19280 7ff769d86500 19263->19280 19279->19261 19429 7ff769d85400 19280->19429 20349 7ff769d9afd0 20350 7ff769d9afea 20349->20350 20351 7ff769d9afd5 20349->20351 20355 7ff769d9aff0 20351->20355 20356 7ff769d9b032 20355->20356 20360 7ff769d9b03a 20355->20360 20358 7ff769d9a948 __free_lconv_num 11 API calls 20356->20358 20357 7ff769d9a948 __free_lconv_num 11 API calls 20359 7ff769d9b047 20357->20359 20358->20360 20361 7ff769d9a948 __free_lconv_num 11 API calls 20359->20361 20360->20357 20362 7ff769d9b054 20361->20362 20363 7ff769d9a948 __free_lconv_num 11 API calls 20362->20363 20364 7ff769d9b061 
20363->20364 20365 7ff769d9a948 __free_lconv_num 11 API calls 20364->20365 20366 7ff769d9b06e 20365->20366 20367 7ff769d9a948 __free_lconv_num 11 API calls 20366->20367 20368 7ff769d9b07b 20367->20368 20369 7ff769d9a948 __free_lconv_num 11 API calls 20368->20369 20370 7ff769d9b088 20369->20370 20371 7ff769d9a948 __free_lconv_num 11 API calls 20370->20371 20372 7ff769d9b095 20371->20372 20373 7ff769d9a948 __free_lconv_num 11 API calls 20372->20373 20374 7ff769d9b0a5 20373->20374 20375 7ff769d9a948 __free_lconv_num 11 API calls 20374->20375 20376 7ff769d9b0b5 20375->20376 20381 7ff769d9ae94 20376->20381 20395 7ff769da02d8 EnterCriticalSection 20381->20395 20471 7ff769d99d50 20474 7ff769d99ccc 20471->20474 20481 7ff769da02d8 EnterCriticalSection 20474->20481 20485 7ff769d8cb50 20486 7ff769d8cb60 20485->20486 20502 7ff769d99ba8 20486->20502 20488 7ff769d8cb6c 20508 7ff769d8ce48 20488->20508 20490 7ff769d8d12c 7 API calls 20492 7ff769d8cc05 20490->20492 20491 7ff769d8cb84 _RTC_Initialize 20500 7ff769d8cbd9 20491->20500 20513 7ff769d8cff8 20491->20513 20494 7ff769d8cb99 20516 7ff769d99014 20494->20516 20500->20490 20501 7ff769d8cbf5 20500->20501 20503 7ff769d99bb9 20502->20503 20504 7ff769d99bc1 20503->20504 20505 7ff769d94f08 _get_daylight 11 API calls 20503->20505 20504->20488 20506 7ff769d99bd0 20505->20506 20507 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 20506->20507 20507->20504 20509 7ff769d8ce59 20508->20509 20512 7ff769d8ce5e __scrt_acquire_startup_lock 20508->20512 20510 7ff769d8d12c 7 API calls 20509->20510 20509->20512 20511 7ff769d8ced2 20510->20511 20512->20491 20541 7ff769d8cfbc 20513->20541 20515 7ff769d8d001 20515->20494 20517 7ff769d99034 20516->20517 20518 7ff769d8cba5 20516->20518 20519 7ff769d99052 GetModuleFileNameW 20517->20519 20520 7ff769d9903c 20517->20520 20518->20500 20540 7ff769d8d0cc InitializeSListHead 20518->20540 20524 7ff769d9907d 20519->20524 20521 7ff769d94f08 _get_daylight 11 API calls 20520->20521 20522 7ff769d99041 
20521->20522 20523 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 20522->20523 20523->20518 20525 7ff769d98fb4 11 API calls 20524->20525 20526 7ff769d990bd 20525->20526 20527 7ff769d990c5 20526->20527 20532 7ff769d990dd 20526->20532 20528 7ff769d94f08 _get_daylight 11 API calls 20527->20528 20529 7ff769d990ca 20528->20529 20530 7ff769d9a948 __free_lconv_num 11 API calls 20529->20530 20530->20518 20531 7ff769d990ff 20533 7ff769d9a948 __free_lconv_num 11 API calls 20531->20533 20532->20531 20534 7ff769d99144 20532->20534 20535 7ff769d9912b 20532->20535 20533->20518 20537 7ff769d9a948 __free_lconv_num 11 API calls 20534->20537 20536 7ff769d9a948 __free_lconv_num 11 API calls 20535->20536 20538 7ff769d99134 20536->20538 20537->20531 20539 7ff769d9a948 __free_lconv_num 11 API calls 20538->20539 20539->20518 20542 7ff769d8cfd6 20541->20542 20544 7ff769d8cfcf 20541->20544 20545 7ff769d9a1ec 20542->20545 20544->20515 20548 7ff769d99e28 20545->20548 20555 7ff769da02d8 EnterCriticalSection 20548->20555 16120 7ff769da08c8 16121 7ff769da08ec 16120->16121 16124 7ff769da08fc 16120->16124 16122 7ff769d94f08 _get_daylight 11 API calls 16121->16122 16123 7ff769da08f1 16122->16123 16125 7ff769da0bdc 16124->16125 16126 7ff769da091e 16124->16126 16127 7ff769d94f08 _get_daylight 11 API calls 16125->16127 16128 7ff769da093f 16126->16128 16269 7ff769da0f84 16126->16269 16129 7ff769da0be1 16127->16129 16132 7ff769da09b1 16128->16132 16134 7ff769da0965 16128->16134 16138 7ff769da09a5 16128->16138 16130 7ff769d9a948 __free_lconv_num 11 API calls 16129->16130 16130->16123 16136 7ff769d9eb98 _get_daylight 11 API calls 16132->16136 16149 7ff769da0974 16132->16149 16133 7ff769da0a5e 16145 7ff769da0a7b 16133->16145 16150 7ff769da0acd 16133->16150 16284 7ff769d996c0 16134->16284 16139 7ff769da09c7 16136->16139 16138->16133 16138->16149 16290 7ff769da712c 16138->16290 16142 7ff769d9a948 __free_lconv_num 11 API calls 16139->16142 16141 7ff769d9a948 __free_lconv_num 11 API calls 16141->16123 
16146 7ff769da09d5 16142->16146 16143 7ff769da096f 16147 7ff769d94f08 _get_daylight 11 API calls 16143->16147 16144 7ff769da098d 16144->16138 16152 7ff769da0f84 45 API calls 16144->16152 16148 7ff769d9a948 __free_lconv_num 11 API calls 16145->16148 16146->16138 16146->16149 16154 7ff769d9eb98 _get_daylight 11 API calls 16146->16154 16147->16149 16151 7ff769da0a84 16148->16151 16149->16141 16150->16149 16153 7ff769da33dc 40 API calls 16150->16153 16161 7ff769da0a89 16151->16161 16326 7ff769da33dc 16151->16326 16152->16138 16155 7ff769da0b0a 16153->16155 16157 7ff769da09f7 16154->16157 16158 7ff769d9a948 __free_lconv_num 11 API calls 16155->16158 16162 7ff769d9a948 __free_lconv_num 11 API calls 16157->16162 16163 7ff769da0b14 16158->16163 16159 7ff769da0ab5 16164 7ff769d9a948 __free_lconv_num 11 API calls 16159->16164 16160 7ff769da0bd0 16165 7ff769d9a948 __free_lconv_num 11 API calls 16160->16165 16161->16160 16166 7ff769d9eb98 _get_daylight 11 API calls 16161->16166 16162->16138 16163->16149 16163->16161 16164->16161 16165->16123 16167 7ff769da0b58 16166->16167 16168 7ff769da0b60 16167->16168 16169 7ff769da0b69 16167->16169 16170 7ff769d9a948 __free_lconv_num 11 API calls 16168->16170 16251 7ff769d9a4a4 16169->16251 16190 7ff769da0b67 16170->16190 16173 7ff769da0b80 16335 7ff769da7244 16173->16335 16174 7ff769da0c0b 16175 7ff769d9a900 _isindst 17 API calls 16174->16175 16178 7ff769da0c1f 16175->16178 16176 7ff769d9a948 __free_lconv_num 11 API calls 16176->16123 16182 7ff769da0c48 16178->16182 16188 7ff769da0c58 16178->16188 16180 7ff769da0bc8 16185 7ff769d9a948 __free_lconv_num 11 API calls 16180->16185 16181 7ff769da0ba7 16183 7ff769d94f08 _get_daylight 11 API calls 16181->16183 16184 7ff769d94f08 _get_daylight 11 API calls 16182->16184 16186 7ff769da0bac 16183->16186 16213 7ff769da0c4d 16184->16213 16185->16160 16187 7ff769d9a948 __free_lconv_num 11 API calls 16186->16187 16187->16190 16189 7ff769da0f3b 16188->16189 16191 7ff769da0c7a 16188->16191 16192 
7ff769d94f08 _get_daylight 11 API calls 16189->16192 16190->16176 16193 7ff769da0c97 16191->16193 16354 7ff769da106c 16191->16354 16194 7ff769da0f40 16192->16194 16197 7ff769da0d0b 16193->16197 16199 7ff769da0cbf 16193->16199 16203 7ff769da0cff 16193->16203 16195 7ff769d9a948 __free_lconv_num 11 API calls 16194->16195 16195->16213 16201 7ff769da0d33 16197->16201 16204 7ff769d9eb98 _get_daylight 11 API calls 16197->16204 16219 7ff769da0cce 16197->16219 16198 7ff769da0dbe 16212 7ff769da0ddb 16198->16212 16220 7ff769da0e2e 16198->16220 16369 7ff769d996fc 16199->16369 16201->16203 16206 7ff769d9eb98 _get_daylight 11 API calls 16201->16206 16201->16219 16203->16198 16203->16219 16375 7ff769da6fec 16203->16375 16208 7ff769da0d25 16204->16208 16211 7ff769da0d55 16206->16211 16207 7ff769d9a948 __free_lconv_num 11 API calls 16207->16213 16214 7ff769d9a948 __free_lconv_num 11 API calls 16208->16214 16209 7ff769da0ce7 16209->16203 16218 7ff769da106c 45 API calls 16209->16218 16210 7ff769da0cc9 16215 7ff769d94f08 _get_daylight 11 API calls 16210->16215 16216 7ff769d9a948 __free_lconv_num 11 API calls 16211->16216 16217 7ff769d9a948 __free_lconv_num 11 API calls 16212->16217 16214->16201 16215->16219 16216->16203 16221 7ff769da0de4 16217->16221 16218->16203 16219->16207 16220->16219 16222 7ff769da33dc 40 API calls 16220->16222 16224 7ff769da33dc 40 API calls 16221->16224 16228 7ff769da0dea 16221->16228 16223 7ff769da0e6c 16222->16223 16225 7ff769d9a948 __free_lconv_num 11 API calls 16223->16225 16229 7ff769da0e16 16224->16229 16226 7ff769da0e76 16225->16226 16226->16219 16226->16228 16227 7ff769da0f2f 16231 7ff769d9a948 __free_lconv_num 11 API calls 16227->16231 16228->16227 16232 7ff769d9eb98 _get_daylight 11 API calls 16228->16232 16230 7ff769d9a948 __free_lconv_num 11 API calls 16229->16230 16230->16228 16231->16213 16233 7ff769da0ebb 16232->16233 16234 7ff769da0ec3 16233->16234 16235 7ff769da0ecc 16233->16235 16236 7ff769d9a948 __free_lconv_num 11 API calls 16234->16236 
16260 7ff769da0474 16235->16260 16238 7ff769da0eca 16236->16238 16245 7ff769d9a948 __free_lconv_num 11 API calls 16238->16245 16240 7ff769da0f6f 16244 7ff769d9a900 _isindst 17 API calls 16240->16244 16241 7ff769da0ee2 SetEnvironmentVariableW 16242 7ff769da0f06 16241->16242 16243 7ff769da0f27 16241->16243 16246 7ff769d94f08 _get_daylight 11 API calls 16242->16246 16248 7ff769d9a948 __free_lconv_num 11 API calls 16243->16248 16247 7ff769da0f83 16244->16247 16245->16213 16249 7ff769da0f0b 16246->16249 16248->16227 16250 7ff769d9a948 __free_lconv_num 11 API calls 16249->16250 16250->16238 16252 7ff769d9a4b1 16251->16252 16253 7ff769d9a4bb 16251->16253 16252->16253 16258 7ff769d9a4d6 16252->16258 16254 7ff769d94f08 _get_daylight 11 API calls 16253->16254 16255 7ff769d9a4c2 16254->16255 16256 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 16255->16256 16257 7ff769d9a4ce 16256->16257 16257->16173 16257->16174 16258->16257 16259 7ff769d94f08 _get_daylight 11 API calls 16258->16259 16259->16255 16261 7ff769da0481 16260->16261 16262 7ff769da048b 16260->16262 16261->16262 16267 7ff769da04a7 16261->16267 16263 7ff769d94f08 _get_daylight 11 API calls 16262->16263 16264 7ff769da0493 16263->16264 16265 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 16264->16265 16266 7ff769da049f 16265->16266 16266->16240 16266->16241 16267->16266 16268 7ff769d94f08 _get_daylight 11 API calls 16267->16268 16268->16264 16270 7ff769da0fb9 16269->16270 16276 7ff769da0fa1 16269->16276 16271 7ff769d9eb98 _get_daylight 11 API calls 16270->16271 16279 7ff769da0fdd 16271->16279 16272 7ff769d9a504 _CallSETranslator 45 API calls 16274 7ff769da1068 16272->16274 16273 7ff769da103e 16275 7ff769d9a948 __free_lconv_num 11 API calls 16273->16275 16275->16276 16276->16128 16277 7ff769d9eb98 _get_daylight 11 API calls 16277->16279 16278 7ff769d9a948 __free_lconv_num 11 API calls 16278->16279 16279->16273 16279->16277 16279->16278 16280 7ff769d9a4a4 __std_exception_copy 37 API calls 16279->16280 16281 
7ff769da104d 16279->16281 16283 7ff769da1062 16279->16283 16280->16279 16282 7ff769d9a900 _isindst 17 API calls 16281->16282 16282->16283 16283->16272 16285 7ff769d996d0 16284->16285 16286 7ff769d996d9 16284->16286 16285->16286 16399 7ff769d99198 16285->16399 16286->16143 16286->16144 16291 7ff769da6254 16290->16291 16292 7ff769da7139 16290->16292 16293 7ff769da6261 16291->16293 16294 7ff769da6297 16291->16294 16295 7ff769d94f4c 45 API calls 16292->16295 16296 7ff769d94f08 _get_daylight 11 API calls 16293->16296 16314 7ff769da6208 16293->16314 16297 7ff769da62c1 16294->16297 16305 7ff769da62e6 16294->16305 16301 7ff769da716d 16295->16301 16298 7ff769da626b 16296->16298 16299 7ff769d94f08 _get_daylight 11 API calls 16297->16299 16303 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 16298->16303 16304 7ff769da62c6 16299->16304 16300 7ff769da7172 16300->16138 16301->16300 16302 7ff769da7183 16301->16302 16306 7ff769da719a 16301->16306 16307 7ff769d94f08 _get_daylight 11 API calls 16302->16307 16308 7ff769da6276 16303->16308 16309 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 16304->16309 16310 7ff769d94f4c 45 API calls 16305->16310 16315 7ff769da62d1 16305->16315 16312 7ff769da71a4 16306->16312 16313 7ff769da71b6 16306->16313 16311 7ff769da7188 16307->16311 16308->16138 16309->16315 16310->16315 16316 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 16311->16316 16317 7ff769d94f08 _get_daylight 11 API calls 16312->16317 16318 7ff769da71c7 16313->16318 16319 7ff769da71de 16313->16319 16314->16138 16315->16138 16316->16300 16321 7ff769da71a9 16317->16321 16685 7ff769da62a4 16318->16685 16694 7ff769da8f4c 16319->16694 16324 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 16321->16324 16324->16300 16325 7ff769d94f08 _get_daylight 11 API calls 16325->16300 16327 7ff769da33fe 16326->16327 16329 7ff769da341b 16326->16329 16328 7ff769da340c 16327->16328 16327->16329 16331 7ff769d94f08 _get_daylight 11 API calls 16328->16331 16330 7ff769da3425 16329->16330 
16734 7ff769da7c38 16329->16734 16741 7ff769da7c74 16330->16741 16334 7ff769da3411 __scrt_get_show_window_mode 16331->16334 16334->16159 16336 7ff769d94f4c 45 API calls 16335->16336 16337 7ff769da72aa 16336->16337 16338 7ff769da72b8 16337->16338 16753 7ff769d9ef24 16337->16753 16756 7ff769d954ac 16338->16756 16342 7ff769da73a4 16345 7ff769da73b5 16342->16345 16346 7ff769d9a948 __free_lconv_num 11 API calls 16342->16346 16343 7ff769d94f4c 45 API calls 16344 7ff769da7327 16343->16344 16348 7ff769d9ef24 5 API calls 16344->16348 16351 7ff769da7330 16344->16351 16347 7ff769da0ba3 16345->16347 16349 7ff769d9a948 __free_lconv_num 11 API calls 16345->16349 16346->16345 16347->16180 16347->16181 16348->16351 16349->16347 16350 7ff769d954ac 14 API calls 16352 7ff769da738b 16350->16352 16351->16350 16352->16342 16353 7ff769da7393 SetEnvironmentVariableW 16352->16353 16353->16342 16355 7ff769da108f 16354->16355 16356 7ff769da10ac 16354->16356 16355->16193 16357 7ff769d9eb98 _get_daylight 11 API calls 16356->16357 16363 7ff769da10d0 16357->16363 16358 7ff769da1131 16360 7ff769d9a948 __free_lconv_num 11 API calls 16358->16360 16359 7ff769d9a504 _CallSETranslator 45 API calls 16361 7ff769da115a 16359->16361 16360->16355 16362 7ff769d9eb98 _get_daylight 11 API calls 16362->16363 16363->16358 16363->16362 16364 7ff769d9a948 __free_lconv_num 11 API calls 16363->16364 16365 7ff769da0474 37 API calls 16363->16365 16366 7ff769da1140 16363->16366 16368 7ff769da1154 16363->16368 16364->16363 16365->16363 16367 7ff769d9a900 _isindst 17 API calls 16366->16367 16367->16368 16368->16359 16370 7ff769d9970c 16369->16370 16373 7ff769d99715 16369->16373 16370->16373 16783 7ff769d9920c 16370->16783 16373->16209 16373->16210 16376 7ff769da6ff9 16375->16376 16380 7ff769da7026 16375->16380 16377 7ff769da6ffe 16376->16377 16376->16380 16379 7ff769d94f08 _get_daylight 11 API calls 16377->16379 16378 7ff769da705e __crtLCMapStringW 16378->16203 16382 7ff769da7003 16379->16382 16380->16378 16381 
7ff769da706a 16380->16381 16383 7ff769da7089 16380->16383 16385 7ff769d94f08 _get_daylight 11 API calls 16381->16385 16384 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 16382->16384 16386 7ff769da7093 16383->16386 16387 7ff769da70a5 16383->16387 16388 7ff769da700e 16384->16388 16389 7ff769da706f 16385->16389 16390 7ff769d94f08 _get_daylight 11 API calls 16386->16390 16391 7ff769d94f4c 45 API calls 16387->16391 16388->16203 16392 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 16389->16392 16393 7ff769da7098 16390->16393 16394 7ff769da70b2 16391->16394 16392->16378 16395 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 16393->16395 16394->16378 16830 7ff769da8b08 16394->16830 16395->16378 16398 7ff769d94f08 _get_daylight 11 API calls 16398->16378 16400 7ff769d991b1 16399->16400 16401 7ff769d991ad 16399->16401 16422 7ff769da25f0 16400->16422 16401->16286 16414 7ff769d994ec 16401->16414 16406 7ff769d991cf 16448 7ff769d9927c 16406->16448 16407 7ff769d991c3 16408 7ff769d9a948 __free_lconv_num 11 API calls 16407->16408 16408->16401 16411 7ff769d9a948 __free_lconv_num 11 API calls 16412 7ff769d991f6 16411->16412 16413 7ff769d9a948 __free_lconv_num 11 API calls 16412->16413 16413->16401 16415 7ff769d9952e 16414->16415 16416 7ff769d99515 16414->16416 16415->16416 16417 7ff769d9eb98 _get_daylight 11 API calls 16415->16417 16418 7ff769d995be 16415->16418 16419 7ff769da07e8 WideCharToMultiByte 16415->16419 16421 7ff769d9a948 __free_lconv_num 11 API calls 16415->16421 16416->16286 16417->16415 16420 7ff769d9a948 __free_lconv_num 11 API calls 16418->16420 16419->16415 16420->16416 16421->16415 16423 7ff769d991b6 16422->16423 16424 7ff769da25fd 16422->16424 16428 7ff769da292c GetEnvironmentStringsW 16423->16428 16467 7ff769d9b224 16424->16467 16429 7ff769d991bb 16428->16429 16430 7ff769da295c 16428->16430 16429->16406 16429->16407 16431 7ff769da07e8 WideCharToMultiByte 16430->16431 16432 7ff769da29ad 16431->16432 16433 7ff769da29b4 FreeEnvironmentStringsW 
16432->16433 16434 7ff769d9d5fc _fread_nolock 12 API calls 16432->16434 16433->16429 16435 7ff769da29c7 16434->16435 16436 7ff769da29cf 16435->16436 16437 7ff769da29d8 16435->16437 16438 7ff769d9a948 __free_lconv_num 11 API calls 16436->16438 16439 7ff769da07e8 WideCharToMultiByte 16437->16439 16440 7ff769da29d6 16438->16440 16441 7ff769da29fb 16439->16441 16440->16433 16442 7ff769da29ff 16441->16442 16443 7ff769da2a09 16441->16443 16444 7ff769d9a948 __free_lconv_num 11 API calls 16442->16444 16445 7ff769d9a948 __free_lconv_num 11 API calls 16443->16445 16446 7ff769da2a07 FreeEnvironmentStringsW 16444->16446 16445->16446 16446->16429 16449 7ff769d992a1 16448->16449 16450 7ff769d9eb98 _get_daylight 11 API calls 16449->16450 16455 7ff769d992d7 16450->16455 16451 7ff769d9a948 __free_lconv_num 11 API calls 16452 7ff769d991d7 16451->16452 16452->16411 16453 7ff769d99352 16454 7ff769d9a948 __free_lconv_num 11 API calls 16453->16454 16454->16452 16455->16453 16456 7ff769d9eb98 _get_daylight 11 API calls 16455->16456 16457 7ff769d99341 16455->16457 16458 7ff769d9a4a4 __std_exception_copy 37 API calls 16455->16458 16461 7ff769d99377 16455->16461 16464 7ff769d9a948 __free_lconv_num 11 API calls 16455->16464 16465 7ff769d992df 16455->16465 16456->16455 16679 7ff769d994a8 16457->16679 16458->16455 16463 7ff769d9a900 _isindst 17 API calls 16461->16463 16462 7ff769d9a948 __free_lconv_num 11 API calls 16462->16465 16466 7ff769d9938a 16463->16466 16464->16455 16465->16451 16468 7ff769d9b250 FlsSetValue 16467->16468 16469 7ff769d9b235 FlsGetValue 16467->16469 16470 7ff769d9b242 16468->16470 16472 7ff769d9b25d 16468->16472 16469->16470 16471 7ff769d9b24a 16469->16471 16473 7ff769d9b248 16470->16473 16474 7ff769d9a504 _CallSETranslator 45 API calls 16470->16474 16471->16468 16475 7ff769d9eb98 _get_daylight 11 API calls 16472->16475 16487 7ff769da22c4 16473->16487 16476 7ff769d9b2c5 16474->16476 16477 7ff769d9b26c 16475->16477 16478 7ff769d9b28a FlsSetValue 16477->16478 16479 
7ff769d9b27a FlsSetValue 16477->16479 16481 7ff769d9b296 FlsSetValue 16478->16481 16482 7ff769d9b2a8 16478->16482 16480 7ff769d9b283 16479->16480 16483 7ff769d9a948 __free_lconv_num 11 API calls 16480->16483 16481->16480 16484 7ff769d9aef4 _get_daylight 11 API calls 16482->16484 16483->16470 16485 7ff769d9b2b0 16484->16485 16486 7ff769d9a948 __free_lconv_num 11 API calls 16485->16486 16486->16473 16510 7ff769da2534 16487->16510 16489 7ff769da22f9 16525 7ff769da1fc4 16489->16525 16492 7ff769da2316 16492->16423 16493 7ff769d9d5fc _fread_nolock 12 API calls 16494 7ff769da2327 16493->16494 16495 7ff769da232f 16494->16495 16497 7ff769da233e 16494->16497 16496 7ff769d9a948 __free_lconv_num 11 API calls 16495->16496 16496->16492 16497->16497 16532 7ff769da266c 16497->16532 16500 7ff769da243a 16501 7ff769d94f08 _get_daylight 11 API calls 16500->16501 16502 7ff769da243f 16501->16502 16505 7ff769d9a948 __free_lconv_num 11 API calls 16502->16505 16503 7ff769da2495 16504 7ff769da24fc 16503->16504 16543 7ff769da1df4 16503->16543 16508 7ff769d9a948 __free_lconv_num 11 API calls 16504->16508 16505->16492 16506 7ff769da2454 16506->16503 16509 7ff769d9a948 __free_lconv_num 11 API calls 16506->16509 16508->16492 16509->16503 16511 7ff769da2557 16510->16511 16512 7ff769da2561 16511->16512 16558 7ff769da02d8 EnterCriticalSection 16511->16558 16514 7ff769da25d3 16512->16514 16517 7ff769d9a504 _CallSETranslator 45 API calls 16512->16517 16514->16489 16519 7ff769da25eb 16517->16519 16521 7ff769d9b224 50 API calls 16519->16521 16524 7ff769da2642 16519->16524 16522 7ff769da262c 16521->16522 16523 7ff769da22c4 65 API calls 16522->16523 16523->16524 16524->16489 16559 7ff769d94f4c 16525->16559 16528 7ff769da1fe4 GetOEMCP 16530 7ff769da200b 16528->16530 16529 7ff769da1ff6 16529->16530 16531 7ff769da1ffb GetACP 16529->16531 16530->16492 16530->16493 16531->16530 16533 7ff769da1fc4 47 API calls 16532->16533 16534 7ff769da2699 16533->16534 16535 7ff769da27ef 16534->16535 16537 7ff769da26d6 
IsValidCodePage 16534->16537 16542 7ff769da26f0 __scrt_get_show_window_mode 16534->16542 16536 7ff769d8c550 _log10_special 8 API calls 16535->16536 16538 7ff769da2431 16536->16538 16537->16535 16539 7ff769da26e7 16537->16539 16538->16500 16538->16506 16540 7ff769da2716 GetCPInfo 16539->16540 16539->16542 16540->16535 16540->16542 16591 7ff769da20dc 16542->16591 16678 7ff769da02d8 EnterCriticalSection 16543->16678 16560 7ff769d94f70 16559->16560 16561 7ff769d94f6b 16559->16561 16560->16561 16562 7ff769d9b150 _CallSETranslator 45 API calls 16560->16562 16561->16528 16561->16529 16563 7ff769d94f8b 16562->16563 16567 7ff769d9d984 16563->16567 16568 7ff769d94fae 16567->16568 16569 7ff769d9d999 16567->16569 16571 7ff769d9d9f0 16568->16571 16569->16568 16575 7ff769da3304 16569->16575 16572 7ff769d9da05 16571->16572 16573 7ff769d9da18 16571->16573 16572->16573 16588 7ff769da2650 16572->16588 16573->16561 16576 7ff769d9b150 _CallSETranslator 45 API calls 16575->16576 16577 7ff769da3313 16576->16577 16578 7ff769da335e 16577->16578 16587 7ff769da02d8 EnterCriticalSection 16577->16587 16578->16568 16589 7ff769d9b150 _CallSETranslator 45 API calls 16588->16589 16590 7ff769da2659 16589->16590 16592 7ff769da2119 GetCPInfo 16591->16592 16601 7ff769da220f 16591->16601 16598 7ff769da212c 16592->16598 16592->16601 16593 7ff769d8c550 _log10_special 8 API calls 16594 7ff769da22ae 16593->16594 16594->16535 16602 7ff769da2e40 16598->16602 16601->16593 16603 7ff769d94f4c 45 API calls 16602->16603 16604 7ff769da2e82 16603->16604 16622 7ff769d9f8a0 16604->16622 16624 7ff769d9f8a9 MultiByteToWideChar 16622->16624 16680 7ff769d99349 16679->16680 16681 7ff769d994ad 16679->16681 16680->16462 16682 7ff769d994d6 16681->16682 16684 7ff769d9a948 __free_lconv_num 11 API calls 16681->16684 16683 7ff769d9a948 __free_lconv_num 11 API calls 16682->16683 16683->16680 16684->16681 16686 7ff769da62c1 16685->16686 16688 7ff769da62d8 16685->16688 16687 7ff769d94f08 _get_daylight 11 API calls 16686->16687 
16689 7ff769da62c6 16687->16689 16688->16686 16690 7ff769da62e6 16688->16690 16691 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 16689->16691 16692 7ff769d94f4c 45 API calls 16690->16692 16693 7ff769da62d1 16690->16693 16691->16693 16692->16693 16693->16300 16695 7ff769d94f4c 45 API calls 16694->16695 16696 7ff769da8f71 16695->16696 16699 7ff769da8bc8 16696->16699 16703 7ff769da8c16 16699->16703 16700 7ff769d8c550 _log10_special 8 API calls 16701 7ff769da7205 16700->16701 16701->16300 16701->16325 16702 7ff769da8c9d 16704 7ff769d9f8a0 _fread_nolock MultiByteToWideChar 16702->16704 16708 7ff769da8ca1 16702->16708 16703->16702 16705 7ff769da8c88 GetCPInfo 16703->16705 16703->16708 16706 7ff769da8d35 16704->16706 16705->16702 16705->16708 16707 7ff769d9d5fc _fread_nolock 12 API calls 16706->16707 16706->16708 16709 7ff769da8d6c 16706->16709 16707->16709 16708->16700 16709->16708 16710 7ff769d9f8a0 _fread_nolock MultiByteToWideChar 16709->16710 16711 7ff769da8dda 16710->16711 16712 7ff769da8ebc 16711->16712 16713 7ff769d9f8a0 _fread_nolock MultiByteToWideChar 16711->16713 16712->16708 16714 7ff769d9a948 __free_lconv_num 11 API calls 16712->16714 16715 7ff769da8e00 16713->16715 16714->16708 16715->16712 16716 7ff769d9d5fc _fread_nolock 12 API calls 16715->16716 16717 7ff769da8e2d 16715->16717 16716->16717 16717->16712 16718 7ff769d9f8a0 _fread_nolock MultiByteToWideChar 16717->16718 16719 7ff769da8ea4 16718->16719 16720 7ff769da8ec4 16719->16720 16721 7ff769da8eaa 16719->16721 16728 7ff769d9ef68 16720->16728 16721->16712 16723 7ff769d9a948 __free_lconv_num 11 API calls 16721->16723 16723->16712 16725 7ff769da8f03 16725->16708 16727 7ff769d9a948 __free_lconv_num 11 API calls 16725->16727 16726 7ff769d9a948 __free_lconv_num 11 API calls 16726->16725 16727->16708 16729 7ff769d9ed10 __crtLCMapStringW 5 API calls 16728->16729 16731 7ff769d9efa6 16729->16731 16730 7ff769d9efae 16730->16725 16730->16726 16731->16730 16732 7ff769d9f1d0 __crtLCMapStringW 5 API calls 
16731->16732 16733 7ff769d9f017 CompareStringW 16732->16733 16733->16730 16735 7ff769da7c41 16734->16735 16736 7ff769da7c5a HeapSize 16734->16736 16737 7ff769d94f08 _get_daylight 11 API calls 16735->16737 16738 7ff769da7c46 16737->16738 16739 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 16738->16739 16740 7ff769da7c51 16739->16740 16740->16330 16742 7ff769da7c93 16741->16742 16743 7ff769da7c89 16741->16743 16744 7ff769da7c98 16742->16744 16751 7ff769da7c9f _get_daylight 16742->16751 16745 7ff769d9d5fc _fread_nolock 12 API calls 16743->16745 16746 7ff769d9a948 __free_lconv_num 11 API calls 16744->16746 16749 7ff769da7c91 16745->16749 16746->16749 16747 7ff769da7cd2 HeapReAlloc 16747->16749 16747->16751 16748 7ff769da7ca5 16750 7ff769d94f08 _get_daylight 11 API calls 16748->16750 16749->16334 16750->16749 16751->16747 16751->16748 16752 7ff769da3590 _get_daylight 2 API calls 16751->16752 16752->16751 16754 7ff769d9ed10 __crtLCMapStringW 5 API calls 16753->16754 16755 7ff769d9ef44 16754->16755 16755->16338 16757 7ff769d954d6 16756->16757 16758 7ff769d954fa 16756->16758 16762 7ff769d9a948 __free_lconv_num 11 API calls 16757->16762 16764 7ff769d954e5 16757->16764 16759 7ff769d954ff 16758->16759 16760 7ff769d95554 16758->16760 16763 7ff769d95514 16759->16763 16759->16764 16765 7ff769d9a948 __free_lconv_num 11 API calls 16759->16765 16761 7ff769d9f8a0 _fread_nolock MultiByteToWideChar 16760->16761 16769 7ff769d95570 16761->16769 16762->16764 16766 7ff769d9d5fc _fread_nolock 12 API calls 16763->16766 16764->16342 16764->16343 16765->16763 16766->16764 16767 7ff769d95577 GetLastError 16778 7ff769d94e7c 16767->16778 16769->16767 16772 7ff769d9a948 __free_lconv_num 11 API calls 16769->16772 16776 7ff769d955a5 16769->16776 16777 7ff769d955b2 16769->16777 16770 7ff769d9f8a0 _fread_nolock MultiByteToWideChar 16774 7ff769d955f6 16770->16774 16772->16776 16773 7ff769d9d5fc _fread_nolock 12 API calls 16773->16777 16774->16764 16774->16767 16775 7ff769d94f08 _get_daylight 11 
API calls 16775->16764 16776->16773 16777->16764 16777->16770 16779 7ff769d9b2c8 _get_daylight 11 API calls 16778->16779 16780 7ff769d94e89 __free_lconv_num 16779->16780 16781 7ff769d9b2c8 _get_daylight 11 API calls 16780->16781 16782 7ff769d94eab 16781->16782 16782->16775 16784 7ff769d99221 16783->16784 16785 7ff769d99225 16783->16785 16784->16373 16796 7ff769d995cc 16784->16796 16804 7ff769da2a3c GetEnvironmentStringsW 16785->16804 16788 7ff769d99232 16790 7ff769d9a948 __free_lconv_num 11 API calls 16788->16790 16789 7ff769d9923e 16811 7ff769d9938c 16789->16811 16790->16784 16793 7ff769d9a948 __free_lconv_num 11 API calls 16794 7ff769d99265 16793->16794 16795 7ff769d9a948 __free_lconv_num 11 API calls 16794->16795 16795->16784 16797 7ff769d995ef 16796->16797 16802 7ff769d99606 16796->16802 16797->16373 16798 7ff769d9eb98 _get_daylight 11 API calls 16798->16802 16799 7ff769d9967a 16801 7ff769d9a948 __free_lconv_num 11 API calls 16799->16801 16800 7ff769d9f8a0 MultiByteToWideChar _fread_nolock 16800->16802 16801->16797 16802->16797 16802->16798 16802->16799 16802->16800 16803 7ff769d9a948 __free_lconv_num 11 API calls 16802->16803 16803->16802 16805 7ff769d9922a 16804->16805 16807 7ff769da2a60 16804->16807 16805->16788 16805->16789 16806 7ff769d9d5fc _fread_nolock 12 API calls 16808 7ff769da2a97 memcpy_s 16806->16808 16807->16806 16807->16807 16809 7ff769d9a948 __free_lconv_num 11 API calls 16808->16809 16810 7ff769da2ab7 FreeEnvironmentStringsW 16809->16810 16810->16805 16812 7ff769d993b4 16811->16812 16813 7ff769d9eb98 _get_daylight 11 API calls 16812->16813 16825 7ff769d993ef 16813->16825 16814 7ff769d9a948 __free_lconv_num 11 API calls 16815 7ff769d99246 16814->16815 16815->16793 16816 7ff769d99471 16817 7ff769d9a948 __free_lconv_num 11 API calls 16816->16817 16817->16815 16818 7ff769d9eb98 _get_daylight 11 API calls 16818->16825 16819 7ff769d99460 16820 7ff769d994a8 11 API calls 16819->16820 16822 7ff769d99468 16820->16822 16821 7ff769da0474 37 API calls 
16821->16825 16823 7ff769d9a948 __free_lconv_num 11 API calls 16822->16823 16826 7ff769d993f7 16823->16826 16824 7ff769d99494 16827 7ff769d9a900 _isindst 17 API calls 16824->16827 16825->16816 16825->16818 16825->16819 16825->16821 16825->16824 16825->16826 16828 7ff769d9a948 __free_lconv_num 11 API calls 16825->16828 16826->16814 16829 7ff769d994a6 16827->16829 16828->16825 16832 7ff769da8b31 __crtLCMapStringW 16830->16832 16831 7ff769da70ee 16831->16378 16831->16398 16832->16831 16833 7ff769d9ef68 6 API calls 16832->16833 16833->16831 20570 7ff769d9c520 20581 7ff769da02d8 EnterCriticalSection 20570->20581 19733 7ff769da16b0 19744 7ff769da73e4 19733->19744 19745 7ff769da73f1 19744->19745 19746 7ff769d9a948 __free_lconv_num 11 API calls 19745->19746 19747 7ff769da740d 19745->19747 19746->19745 19748 7ff769d9a948 __free_lconv_num 11 API calls 19747->19748 19749 7ff769da16b9 19747->19749 19748->19747 19750 7ff769da02d8 EnterCriticalSection 19749->19750 16834 7ff769d95628 16835 7ff769d9565f 16834->16835 16836 7ff769d95642 16834->16836 16835->16836 16837 7ff769d95672 CreateFileW 16835->16837 16885 7ff769d94ee8 16836->16885 16839 7ff769d956a6 16837->16839 16840 7ff769d956dc 16837->16840 16859 7ff769d9577c GetFileType 16839->16859 16888 7ff769d95c04 16840->16888 16844 7ff769d94f08 _get_daylight 11 API calls 16845 7ff769d9564f 16844->16845 16848 7ff769d9a8e0 _invalid_parameter_noinfo 37 API calls 16845->16848 16854 7ff769d9565a 16848->16854 16849 7ff769d956d1 CloseHandle 16849->16854 16850 7ff769d956bb CloseHandle 16850->16854 16851 7ff769d95710 16909 7ff769d959c4 16851->16909 16852 7ff769d956e5 16855 7ff769d94e7c _fread_nolock 11 API calls 16852->16855 16858 7ff769d956ef 16855->16858 16858->16854 16860 7ff769d95887 16859->16860 16861 7ff769d957ca 16859->16861 16863 7ff769d9588f 16860->16863 16864 7ff769d958b1 16860->16864 16862 7ff769d957f6 GetFileInformationByHandle 16861->16862 16866 7ff769d95b00 21 API calls 16861->16866 16867 7ff769d9581f 16862->16867 16868 

Control-flow Graph

[Control-flow graph image not preserved: control_flow_graph 0, 7ff769d889e0-7ff769d88b26]
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction ID: 90f7392b652f073625edbff6c465d7549db6a5da0ea11b15f89b0be4932d05f6
• Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction Fuzzy Hash: 38D16C32A08A86C6EB10AF74E8542ADB774FF94B58F800235DA5E43BA9DF3CD555C720

Control-flow Graph

[Control-flow graph image not preserved: control_flow_graph 62, 7ff769d81000-7ff769d83806]
Strings
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
• API String ID: 2776309574-4232158417
• Opcode ID: 9de477ae995940a39e23314e20718922418974b9c8241bfba060ee61ec72f349
• Instruction ID: e7b51787daf672eb8ad7bc5a675ae2fb8a47a4e58644b7cf7c21f7bdfd137d90
• Opcode Fuzzy Hash: 9de477ae995940a39e23314e20718922418974b9c8241bfba060ee61ec72f349
• Instruction Fuzzy Hash: 65328621A0C682E1EA29BF25D6543B9F6B1AF44784FC44432DA5D436D7EF2CE569C320

Control-flow Graph

[Control-flow graph image not preserved: control_flow_graph 479, 7ff769da5c00-7ff769da5c3b]
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF769DA5C45
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769DA5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF769DA55AC
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769D9A948: RtlFreeHeap.NTDLL(?,?,?,00007FF769DA2D22,?,?,?,00007FF769DA2D5F,?,?,00000000,00007FF769DA3225,?,?,?,00007FF769DA3157), ref: 00007FF769D9A95E
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769D9A948: GetLastError.KERNEL32(?,?,?,00007FF769DA2D22,?,?,?,00007FF769DA2D5F,?,?,00000000,00007FF769DA3225,?,?,?,00007FF769DA3157), ref: 00007FF769D9A968
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769D9A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF769D9A8DF,?,?,?,?,?,00007FF769D9A7CA), ref: 00007FF769D9A909
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769D9A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF769D9A8DF,?,?,?,?,?,00007FF769D9A7CA), ref: 00007FF769D9A92E
                                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF769DA5C34
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769DA55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF769DA560C
                                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF769DA5EAA
                                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF769DA5EBB
                                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF769DA5ECC
                                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF769DA610C), ref: 00007FF769DA5EF3
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                                    • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                                                    • Opcode ID: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                                                                                                                                                                                                    • Instruction ID: cb13898e2534c96b71d20ad69ae767eeeaa8016ca65cf32cafede196cf6fa654
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6CD1AD22A08252C6EB24BF25D8411BDF7B1EF94794FC48136EA0D87B95DF3CE4618760

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1617910340-0
                                                                                                                                                                                                                                                                    • Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                                                                                    • Instruction ID: d97af745f536963456a41bdac505dd0ef302a0dcddc63e9ce93b171d03d73715
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12C1BF36B28A46C5EB10EFA9C4902AC7771FB49B98B815235DE2E97BD5CF38D461C310

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNELBASE(?,00007FF769D88919,00007FF769D83FA5), ref: 00007FF769D8842B
                                                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,00007FF769D88919,00007FF769D83FA5), ref: 00007FF769D884AE
                                                                                                                                                                                                                                                                    • DeleteFileW.KERNELBASE(?,00007FF769D88919,00007FF769D83FA5), ref: 00007FF769D884CD
                                                                                                                                                                                                                                                                    • FindNextFileW.KERNELBASE(?,00007FF769D88919,00007FF769D83FA5), ref: 00007FF769D884DB
                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?,00007FF769D88919,00007FF769D83FA5), ref: 00007FF769D884EC
                                                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNELBASE(?,00007FF769D88919,00007FF769D83FA5), ref: 00007FF769D884F5
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                                                    • String ID: %s\*
                                                                                                                                                                                                                                                                    • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                                                    • Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                                                                                                    • Instruction ID: 66aa4d135fdb321b59816430d46983667923ad3452bc1b6c6dae4157f4eaccd4
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE415222A0C946D5EA20BF64E5441BAF3B1FB94754FD00232D96D43AD9EF3CD5468760

                                                                                                                                                                                                                                                                    Control-flow Graph

APIs
• _get_daylight.LIBCMT ref: 00007FF769DA5EAA
  • Part of subcall function 00007FF769DA55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF769DA560C
• _get_daylight.LIBCMT ref: 00007FF769DA5EBB
  • Part of subcall function 00007FF769DA5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF769DA55AC
• _get_daylight.LIBCMT ref: 00007FF769DA5ECC
  • Part of subcall function 00007FF769DA55C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF769DA55DC
  • Part of subcall function 00007FF769D9A948: RtlFreeHeap.NTDLL(?,?,?,00007FF769DA2D22,?,?,?,00007FF769DA2D5F,?,?,00000000,00007FF769DA3225,?,?,?,00007FF769DA3157), ref: 00007FF769D9A95E
  • Part of subcall function 00007FF769D9A948: GetLastError.KERNEL32(?,?,?,00007FF769DA2D22,?,?,?,00007FF769DA2D5F,?,?,00000000,00007FF769DA3225,?,?,?,00007FF769DA3157), ref: 00007FF769D9A968
• GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF769DA610C), ref: 00007FF769DA5EF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 3458911817-239921721
• Opcode ID: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
• Instruction ID: 5c5a5d8975b94a14c6028e75356af7888d1342d01ec9e447ae6b25244bce314f
• Opcode Fuzzy Hash: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
• Instruction Fuzzy Hash: D3515E32A08642D6E710FF25E9815ADF771BB58784FC04136EA4D87B96DF3CE4518BA0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
• Instruction ID: 630c02c4533f178191bc99e9400bac99b728b83ed01ed37c1ec1178bc19cd170
• Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
• Instruction Fuzzy Hash: 73F0C822A18741C6F7A09F60F58876AF370EB84724F840335D9AD02AD5DF3CD059CA10
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID: CurrentFeaturePresentProcessProcessor
• String ID:
• API String ID: 1010374628-0
• Opcode ID: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
• Instruction ID: aa5c1ff4079390e8daf59df03678fda96120dfaf783248045f17e7fa9cffeb69
• Opcode Fuzzy Hash: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
• Instruction Fuzzy Hash: 4A029A22A1D653C1FE65BF15D800279B6A4AF42BE4FC58634DE6D56BD2DF3CE8218320

Control-flow Graph (legend: Executed / Not Executed)
APIs
  • Part of subcall function 00007FF769D87F90: _fread_nolock.LIBCMT ref: 00007FF769D8803A
• _fread_nolock.LIBCMT ref: 00007FF769D81A1B
  • Part of subcall function 00007FF769D82910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF769D81B6A), ref: 00007FF769D8295E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID: _fread_nolock$CurrentProcess
• String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
• API String ID: 2397952137-3497178890
• Opcode ID: 85af813c0b0c69426d4f81882584102d3122cb9bfe94396efcbe029e9c31af02
• Instruction ID: ac9b8fde0cd980cd1fd85def98546dc25fe801d46097abb5c25aff8ca64bdb1d
• Opcode Fuzzy Hash: 85af813c0b0c69426d4f81882584102d3122cb9bfe94396efcbe029e9c31af02
• Instruction Fuzzy Hash: 83819F71A08686C6EB20FF24D1452B9F3B0EF49784F844531EA9D47B86DF3CE58A8760

Control-flow Graph (legend: Executed / Not Executed)
Strings
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID: CurrentProcess
• String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
• API String ID: 2050909247-1550345328
• Opcode ID: e3191d3c1863fdc148b865684561a8a90bf1fbfb0db1f2a60b60e414af9c3315
• Instruction ID: 654ecc8f93489099b5beba19b431c00d3cf6b2ac3c0e98bc6c79e488dd83a48b
• Opcode Fuzzy Hash: e3191d3c1863fdc148b865684561a8a90bf1fbfb0db1f2a60b60e414af9c3315
• Instruction Fuzzy Hash: F0516861A08647D2EA10BF62EA011A9F3B0BF44794FC44535EE6C07BD6DF3CE55A8760

Control-flow Graph

APIs
• GetTempPathW.KERNEL32(?,?,00000000,00007FF769D83CBB), ref: 00007FF769D88704
• GetCurrentProcessId.KERNEL32(?,00000000,00007FF769D83CBB), ref: 00007FF769D8870A
• CreateDirectoryW.KERNELBASE(?,00000000,00007FF769D83CBB), ref: 00007FF769D8874C
  • Part of subcall function 00007FF769D88830: GetEnvironmentVariableW.KERNEL32(00007FF769D8388E), ref: 00007FF769D88867
  • Part of subcall function 00007FF769D88830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF769D88889
  • Part of subcall function 00007FF769D98238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF769D98251
  • Part of subcall function 00007FF769D82810: MessageBoxW.USER32 ref: 00007FF769D828EA
Strings
Similarity
• API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
• String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
• API String ID: 3563477958-1339014028
• Opcode ID: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
• Instruction ID: c3b2a7a5c8e3c5600743c37732fb711de48a33cd7eff452aab5a9e7d925ef847
• Opcode Fuzzy Hash: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
• Instruction Fuzzy Hash: AD415C11A19642C4EA10FF65AA652B9F2B0AF85BD4FC44132ED1E477DBDF3CE902C260

Control-flow Graph

Strings
Similarity
• API ID: CurrentProcess
• String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
• API String ID: 2050909247-2813020118
• Opcode ID: edbc7fc629fea5b907d296325bff14fa59ab7a9c376bf005d102d457c092301b
• Instruction ID: d6136bc7bc74d69bbd0f240ea97ea676f3b69c2e7c8cc3755187697c7168e1d1
• Opcode Fuzzy Hash: edbc7fc629fea5b907d296325bff14fa59ab7a9c376bf005d102d457c092301b
• Instruction Fuzzy Hash: B951BF22A08646C5EA60BF15E5503BAF2A0BF85B94FC44131EE5D47BD6EF3CE906C720

Control-flow Graph

APIs
• FreeLibrary.KERNEL32(?,?,?,00007FF769D9F0AA,?,?,-00000018,00007FF769D9AD53,?,?,?,00007FF769D9AC4A,?,?,?,00007FF769D95F3E), ref: 00007FF769D9EE8C
• GetProcAddress.KERNEL32(?,?,?,00007FF769D9F0AA,?,?,-00000018,00007FF769D9AD53,?,?,?,00007FF769D9AC4A,?,?,?,00007FF769D95F3E), ref: 00007FF769D9EE98
Strings
Similarity
• API ID: AddressFreeLibraryProc
• String ID: api-ms-$ext-ms-
• API String ID: 3013587201-537541572
• Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
• Instruction ID: 4f66a17202492eb7e71a27f32344ef62ee557317bec89c42630b49f16f57cdca
• Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
• Instruction Fuzzy Hash: AF41B061B1AA12D1EA15BF16D900675B2B1BF49BD0FC84539DD1D87788EF3CE8458234

Control-flow Graph

APIs
• GetModuleFileNameW.KERNEL32(?,00007FF769D83804), ref: 00007FF769D836E1
• GetLastError.KERNEL32(?,00007FF769D83804), ref: 00007FF769D836EB
  • Part of subcall function 00007FF769D82C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF769D83706,?,00007FF769D83804), ref: 00007FF769D82C9E
  • Part of subcall function 00007FF769D82C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF769D83706,?,00007FF769D83804), ref: 00007FF769D82D63
  • Part of subcall function 00007FF769D82C50: MessageBoxW.USER32 ref: 00007FF769D82D99
Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                                                    • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                                                    • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                                                    • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                                                    • Instruction ID: 9417ef42a8af7e1bb581ddb8ff4ea45efd3450a097a89c276a6fff9fb87e9c34
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29216251B18542C1FE20BF24E9153BAF270BF44394FC00231E65E826D6EF2CE505C324

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                    • Opcode ID: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                                                                                                                                                                                                    • Instruction ID: 62d094f80c64dcc7684082c0f6acc42e3dd21ea160b1e24289f37fe2bdf85580
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60C1B022A0CA86D5E661BF1594402BEBBB4FB81B90FD64131EA4E037D2CF7CEC458760

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 995526605-0
                                                                                                                                                                                                                                                                    • Opcode ID: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                                                                                                                                    • Instruction ID: cde4ac4cc0e40b1d36d2bd070050404fe6c56a0f92e92c1d5dbf9bdf8d6caec7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09214D71A0C647C2EA10AF55F64522AF7B0EB85BE0F900235EAAD43BE9DF6CD4468710

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769D88570: GetCurrentProcess.KERNEL32 ref: 00007FF769D88590
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769D88570: OpenProcessToken.ADVAPI32 ref: 00007FF769D885A3
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769D88570: GetTokenInformation.KERNELBASE ref: 00007FF769D885C8
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769D88570: GetLastError.KERNEL32 ref: 00007FF769D885D2
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769D88570: GetTokenInformation.KERNELBASE ref: 00007FF769D88612
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769D88570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF769D8862E
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769D88570: CloseHandle.KERNELBASE ref: 00007FF769D88646
                                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00007FF769D83C55), ref: 00007FF769D8916C
                                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00007FF769D83C55), ref: 00007FF769D89175
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                                    • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                                                    • API String ID: 6828938-1529539262
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(00000000,?,00007FF769D8352C,?,00000000,00007FF769D83F23), ref: 00007FF769D87F32
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CreateDirectory
                                                                                                                                                                                                                                                                    • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                                                    • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF769D9CF4B), ref: 00007FF769D9D07C
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF769D9CF4B), ref: 00007FF769D9D107
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 953036326-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 4170891091-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2780335769-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1279662727-0
                                                                                                                                                                                                                                                                    • Opcode ID: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
                                                                                                                                                                                                                                                                    • Instruction ID: 21d68bb38e1055ef2d12185c12aca5244e012be153ba004c27f8cad0332a3387
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B418F22E18782C3E654BF609510369B770FBA47A5F509335EA9C43AD2DF7CA9A18720
APIs
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
• String ID:
• API String ID: 3251591375-0
APIs
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Similarity
• API ID: ErrorFileLastPointer
• String ID:
• API String ID: 2976181284-0
APIs
• FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF769D95839), ref: 00007FF769D95957
• SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF769D95839), ref: 00007FF769D9596D
Similarity
• API ID: Time$System$FileLocalSpecific
• String ID:
• API String ID: 1707611234-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(?,?,?,00007FF769DA2D22,?,?,?,00007FF769DA2D5F,?,?,00000000,00007FF769DA3225,?,?,?,00007FF769DA3157), ref: 00007FF769D9A95E
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF769DA2D22,?,?,?,00007FF769DA2D5F,?,?,00000000,00007FF769DA3225,?,?,?,00007FF769DA3157), ref: 00007FF769D9A968
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                                                                                                                                                    • Opcode ID: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                                                                                                                                                                                                    • Instruction ID: d054674126cdee0d3f633e20868a720a7ff5570dc56787214dd44ab05b56d132
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24E04611F09206D2FE187FF2A855139B270AF89B40FC50030D81D472A2EF2C6C928630
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(?,?,?,00007FF769D9A9D5,?,?,00000000,00007FF769D9AA8A), ref: 00007FF769D9ABC6
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF769D9A9D5,?,?,00000000,00007FF769D9AA8A), ref: 00007FF769D9ABD0
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 918212764-0
                                                                                                                                                                                                                                                                    • Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                                                                                                                                    • Instruction ID: f3fc9bf70fe869ff26d9545425e365a8053b0040b4f3175a3e89ade295f46ba5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A216612F18682C1FAA4BF519594379B6A29F84BA8F844239DA2F477D5CF6CEC454320
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                    • Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                                                                                                    • Instruction ID: 40f3661b3b359850cc838128ac206f7fac6f3449676149a1a939088cf97b3030
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD41A432D18645C7EA74BF19A540279F7B4EB56B90F910231DB8E836D1CF6DE802CB61
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _fread_nolock
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 840049012-0
                                                                                                                                                                                                                                                                    • Opcode ID: 10e7562e960f8d99c449f474851a74073af959b335e7b5ea493964aac480507e
                                                                                                                                                                                                                                                                    • Instruction ID: 10f36f8da8d2ac1b0860c6079c07fe577446cc5b6edc095be372e645c6607345
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10e7562e960f8d99c449f474851a74073af959b335e7b5ea493964aac480507e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC217F21B28692C6FA50BE22AA047BAF661BF45BD4FC84430EE1D0B787DF7DE445C610
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                    • Opcode ID: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                                                                                                                                    • Instruction ID: c8e8888b1e1f987ac9843febe211818a45612dfae7711cc66333b436f8637d97
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7316E22A28612D5E711BF59984137DBAB0AF81BA4FD20135EA6D573D2CFBCEC418731
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3947729631-0
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                                                                    • Opcode ID: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
                                                                                                                                                                                                                                                                    • Instruction ID: 29eb0b8f71a2bcafd1785cb4c01405f93daf2ca9efaefa3c719acb76347c9964
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ABE0C760E1C603C7FB153EA408822B8B2308F9A740FC00031EA090B2C3DF2C6C44A332
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(?,?,00000000,00007FF769D9B32A,?,?,?,00007FF769D94F11,?,?,?,?,00007FF769D9A48A), ref: 00007FF769D9EBED
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                                                    • Opcode ID: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
                                                                                                                                                                                                                                                                    • Instruction ID: 4b429a5183ca952bf3ee4480738a4d8d7bce3811a28fdb756e17a4df7d57c065
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60F01D54B09217C1FE597EA598553B5F2B56F99B84FCC4530C90F867D2EF2CE8918230
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF769D90C90,?,?,?,00007FF769D922FA,?,?,?,?,?,00007FF769D93AE9), ref: 00007FF769D9D63A
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                                                    • Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                                                                                                                                    • Instruction ID: 5494b439a49af1b526d2d4e2c27d6f72b3748864d50deb7b1ddaee4db375d080
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01F0D415A0924AC5FE647FA19851775F2B55F857E0F880632E92E866C2DF2CA8908630
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                                                    • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                                                    • API String ID: 199729137-3427451314
                                                                                                                                                                                                                                                                    • Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                                                                                                                                    • Instruction ID: 4cf0490e230ad94fb237041c7cf67b0c8060707ecfb19e12d0c39681d50de5ef
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2502C665A0DB0BE0FA54BF65EA105B4F7B5AF05744FC41032D82E02BA1EF7CB56A8274
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                    • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                                                    • Opcode ID: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                                                                                                                                                                                                    • Instruction ID: 24725c30b28b044d4144ec563a7c490cee771631bf8d73ee8e267dfc69ba91e1
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5B2DE72A18282CBE764AE65D5407FDB7B1FB54388F905135DA0E97F88DF38AA10CB50
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                                                                    • API String ID: 0-2665694366
                                                                                                                                                                                                                                                                    • Opcode ID: 55880860ec2df9374ed9e05eb7c1f9660e2769407a38999da05ffb99d6c3dc89
                                                                                                                                                                                                                                                                    • Instruction ID: 9dd5ec8da95717a51ceadd4b7c9a666a4bc6e5a6f44c9e487c1c46a5a980af05
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 55880860ec2df9374ed9e05eb7c1f9660e2769407a38999da05ffb99d6c3dc89
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA521672A186A68BD7A49F14C658B7EBBBDFB44340F814139E64A877C1DB3CE844CB50
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3140674995-0
                                                                                                                                                                                                                                                                    • Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                                                                                                                                    • Instruction ID: 7fd378388f223b6d9fe7589e89c7f838f8b969798be8c439c642c2818c70bb65
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6310972608A85C6EB609F60E8803EEB374FB84748F84403ADA4E47B99DF7CD559C720
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1239891234-0
                                                                                                                                                                                                                                                                    • Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                                                                                                                                                                                                    • Instruction ID: cadb2e0b627bbaedf139812badd199f0be4813064e0d39b8d65826566f536c23
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02316236608B85C6DB60EF25E8402AEB7B4FB88758F940136EA9D43B99DF3CC555CB10
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2227656907-0
                                                                                                                                                                                                                                                                    • Opcode ID: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                                                                                                                                                                                                    • Instruction ID: 7fa975d725b1da123b609446507eae0e0ad6dfd9388002da88f371b155bbf321
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7B17C22B18692C1EA61BF26D5002B9F3B1EB45BE4F845132EA5D17F95EF3CE851C320
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                    • Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                                                                                                                                                                                                    • Instruction ID: 73831fb2a91107c2496da27462bfcefbe5ebe9955328beef80898f0a7337827a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 70111C22B14F05CAEB009F60E8542B973B4FB59758F840E31DA6D46BA4DF7CD1658350
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: memcpy_s
                                                                                                                                                                                                                                                                    • String ID:
• API String ID: 1502251526-0
• Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
• Instruction ID: 01ed3f52081d2b44b2cad03b3db218e66db03216105c962ab5b1717c30e9a79f
• Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
• Instruction Fuzzy Hash: BFC1D172B18686C7EB249F19E14467AF7A2F784B84F848135DB4A43B84DB3DE911CB44
Strings
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID:
• String ID: $header crc mismatch$unknown header flags set
• API String ID: 0-1127688429
• Opcode ID: fcf6ea83c7a46010d3591867e81b0f53761d3f113121264a3729654d2d1b513f
• Instruction ID: 6ad4b461f18270af88edc23817bfecc60f5f2ff755dcb4adfd3bb4d12cb48124
• Opcode Fuzzy Hash: fcf6ea83c7a46010d3591867e81b0f53761d3f113121264a3729654d2d1b513f
• Instruction Fuzzy Hash: C3F18F72A082D5CBE7A5AF15C188B3AFAB9EF44750F864538DA49077D2CB3CE541C760
APIs
Similarity
• API ID: ExceptionRaise_clrfp
• String ID:
• API String ID: 15204871-0
• Opcode ID: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
• Instruction ID: f243338ce28065585c08d48e0f86fe72a61c84f2b83d3ee929786c32fdc0f8f1
• Opcode Fuzzy Hash: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
• Instruction Fuzzy Hash: AAB15C77A04B89CBEB15CF29C8863687BB0F744B58F558932DA5D83BA4CB3AD461C710
Strings
Similarity
• API ID:
• String ID: $
• API String ID: 0-227171996
• Opcode ID: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
• Instruction ID: 65aacb5e22f97e10db1cadb4f76de1367f1228dd88f5d7e43f90146510570707
• Opcode Fuzzy Hash: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
• Instruction Fuzzy Hash: ACE18D32A08646C6EB68BE29C15013DF3B0FF45B88FA45235DA1E17695DF3AEC52C760
Strings
Similarity
• API ID:
• String ID: incorrect header check$invalid window size
• API String ID: 0-900081337
• Opcode ID: 7e7bac63e97a7e962ac1d8bc37368dc0e110af78d4507200a91f80e7c7b94e68
• Instruction ID: a975d8fd3ff218d163cf2444e2ab0d064f428a84b7777a0c64500a8ce47342d0
• Opcode Fuzzy Hash: 7e7bac63e97a7e962ac1d8bc37368dc0e110af78d4507200a91f80e7c7b94e68
• Instruction Fuzzy Hash: D9919372A182C6CBE7A4AE15C548B3EFAB9FF44350F914539DA4A467D1CB3CE941CB10
Strings
Similarity
• API ID:
• String ID: e+000$gfff
• API String ID: 0-3030954782
• Opcode ID: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
• Instruction ID: c7dc3da5a827ddf7a49fa06db955e9f741738175b52892e7b2ce963db8816ab0
• Opcode Fuzzy Hash: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
• Instruction Fuzzy Hash: 62515662B182C1C6E724AF359901769BBA1F745B94F888232DB9C47AC5CF3DD8008720
Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: gfffffff
                                                                                                                                                                                                                                                                    • API String ID: 0-1523873471
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID: TMP
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: HeapProcess
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 54951025-0
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                                                                                                    • Instruction ID: 04896244c0410de289071689779e2cb50c092df4ddfb3e47bb044ab45b5900b4
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1518B36A18A55C6EB24AF29C140238B7B4EB49B5CFA44131CF4D177A9CB3AEC53C790
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                                                                                                    • Instruction ID: cc565f2532884ab941f5a0e17f5c78eb21f3c8ea9186ce9acf8c09129d4a1950
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C951607AB18652C6E764AF29C044238B7B5EB45B58FA44131CE4D17794CF3AEC43D790
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                                                    • Instruction ID: a0fbd3662d381dd9003c686ffd9eaa1b7b6239d203862906d16a95216b32c406
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E41D762C1D74A89ED99BD1C45086B4B7A09F237A2DD812B4DD9D973C7CF0E6D86C220
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                                                                                                                                                    • Opcode ID: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
                                                                                                                                                                                                                                                                    • Instruction ID: fae2a32df8cf352a717e3caf3e3ff5997d5c2d2fe28effad11abb1216755984a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3541DE63B14A5586EF08EF2ADA14169F3B1BB48FD0B899436EE0D97B58DF3DD4428300
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
                                                                                                                                                                                                                                                                    • Instruction ID: f640aa50d4e8e7e266b0953d2ab59f8f38440acee56ed9f7c52013e37f96e76d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B31A532B19B42C1E764BF25A44013DB6E5AB85BE0F944238EA5D63BD5DF3CD8118714
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
                                                                                                                                                                                                                                                                    • Instruction ID: 7d0e5b686923b62a6334dd2108e0811562b89dd324baea84b91a0a11f85d3e1f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B0F04471B18296CADB98AF6DB842629B7E4F748380F808139D58983B04DB3C90618F54
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D85840
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D85852
                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D85889
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D8589B
                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D858B4
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D858C6
                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D858DF
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D858F1
                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D8590D
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D8591F
                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D8593B
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D8594D
                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D85969
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D8597B
                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D85997
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D859A9
                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D859C5
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF769D864CF,?,00007FF769D8336E), ref: 00007FF769D859D7
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                                                    • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                                                    • API String ID: 199729137-653951865
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769D89390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF769D845F4,00000000,00007FF769D81985), ref: 00007FF769D893C9
                                                                                                                                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(?,00007FF769D886B7,?,?,00000000,00007FF769D83CBB), ref: 00007FF769D8822C
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769D82810: MessageBoxW.USER32 ref: 00007FF769D828EA
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                                                    • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                                                    • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                                                    • String ID: P%
                                                                                                                                                                                                                                                                    • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                                                    • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                                                    • Instruction ID: 57ac7bfd24dcc90b0d7f9555aa4f0a6ed2db0ab889e57e8b70498c92315194f0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3351D426604BA1C6D6249F26E4181BAF7B1F798B65F004131EBDE43B95DF3CD046DB20
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                                                    • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                                                    • API String ID: 3975851968-2863640275
                                                                                                                                                                                                                                                                    • Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                                                                                                                                    • Instruction ID: c74447f7c6082045286bad91a77a35ab10a3afeb942b911f9af021ef4979d964
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43218321B08A46C2E741AF7AEA44179F270EF89B90F984231DA2D437E5DF2CD5A18320
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID: -$:$f$p$p
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                                                    • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                                                                                    • Instruction ID: 4eb9569d2a1b71dc98886da227d926deb94dcf74d2c6ee22f577584f7d6dfef9
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 57127E66E0C243C6FB247E14E1546BEB6B2FB50B94FC44135E68947AC4DB3CED809BA1
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID: f$f$p$p$f
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                                                    • Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                                                                                    • Instruction ID: 523d2b085c951b879d19985bf3be617238b2fa1374506ea9510a3e981bdd31d0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43129162E0C143C6FB64BE55E0442B9F6B9FB90794FD84135E69A47AC4DB3CED808B20
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                                    • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                                                    • Opcode ID: bb53b9f83130c86f90c73192f8f8ea576b0e1637b53f6056db95b778128c6f12
                                                                                                                                                                                                                                                                    • Instruction ID: ab906c70f2c2c8b2dc22be4365076de83e19b7d56a46ee7ddfc2714afa3f280e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb53b9f83130c86f90c73192f8f8ea576b0e1637b53f6056db95b778128c6f12
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59415A21A08652C6EA10FF12AA016BAF3B4BF45BD4FC44432ED5C47796DF3CE50A8760
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                                    • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                                                    • Opcode ID: 0e986b4e5c265948de3afc9e4e2e10f8185b4b3ab4291cce073a7edd1c97f69a
                                                                                                                                                                                                                                                                    • Instruction ID: affb56774650b6698a10b5b489f022aed7ecb7e283d864457fc226551183e22e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e986b4e5c265948de3afc9e4e2e10f8185b4b3ab4291cce073a7edd1c97f69a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD416C22A08656C6EA10FF21E5015B9F3B0BF55794FC44932EE6D07B96DF3CE9068720
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                    • API String ID: 849930591-393685449
                                                                                                                                                                                                                                                                    • Opcode ID: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
                                                                                                                                                                                                                                                                    • Instruction ID: 331cfac01b108fff4e0c249dbb2df782e8a9f56117f8511655fa88188085ae23
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FBD17B22A08641CAEB20BF6596403BDF7B4FB55798F900136EE4D57B96CF38E484CB60
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF769D83706,?,00007FF769D83804), ref: 00007FF769D82C9E
                                                                                                                                                                                                                                                                    • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF769D83706,?,00007FF769D83804), ref: 00007FF769D82D63
                                                                                                                                                                                                                                                                    • MessageBoxW.USER32 ref: 00007FF769D82D99
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                                                                    • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                                                                    • API String ID: 3940978338-251083826
                                                                                                                                                                                                                                                                    • Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                                                                                                                                                                                                    • Instruction ID: 2647ab549bb66672305011ac434d56b7eb0711e23642b4d42bf5e123120cd51e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2231B462708A4592E620BF25B9146AAF6B1BF88BD8F810135EF4D93B99DF3CD517C310
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF769D8DF7A,?,?,?,00007FF769D8DC6C,?,?,?,00007FF769D8D869), ref: 00007FF769D8DD4D
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF769D8DF7A,?,?,?,00007FF769D8DC6C,?,?,?,00007FF769D8D869), ref: 00007FF769D8DD5B
                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF769D8DF7A,?,?,?,00007FF769D8DC6C,?,?,?,00007FF769D8D869), ref: 00007FF769D8DD85
                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF769D8DF7A,?,?,?,00007FF769D8DC6C,?,?,?,00007FF769D8D869), ref: 00007FF769D8DDF3
                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF769D8DF7A,?,?,?,00007FF769D8DC6C,?,?,?,00007FF769D8D869), ref: 00007FF769D8DDFF
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                                                    • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                                    • Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                                                                                                                                    • Instruction ID: 607a06088bfcd871855a26081f7693850ec83a0ad084e1be32dd5152b487eb3f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71318E21B1A742D1EE11AF1296006B5F3B4FF48BA4F994537DD1D467C1EF3CE4458224
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                                    • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                                                    • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                                                    • Opcode ID: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
                                                                                                                                                                                                                                                                    • Instruction ID: 3e9b0b095be9f63b23c11a18e97839992451febae5725a5d46d492e150631ba1
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99416C21A18A86D1EA21EF25E6152EDF375FB44394FC04132EA5D43696EF3CE619C360
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF769D8351A,?,00000000,00007FF769D83F23), ref: 00007FF769D82AA0
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                                    • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                                                    • API String ID: 2050909247-2900015858
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                    • String ID: CONOUT$
                                                                                                                                                                                                                                                                    • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF769D83FB1), ref: 00007FF769D88EFD
                                                                                                                                                                                                                                                                    • K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF769D83FB1), ref: 00007FF769D88F5A
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769D89390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF769D845F4,00000000,00007FF769D81985), ref: 00007FF769D893C9
                                                                                                                                                                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF769D83FB1), ref: 00007FF769D88FE5
                                                                                                                                                                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF769D83FB1), ref: 00007FF769D89044
                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF769D83FB1), ref: 00007FF769D89055
                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF769D83FB1), ref: 00007FF769D8906A
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3462794448-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF769D94F11,?,?,?,?,00007FF769D9A48A,?,?,?,?,00007FF769D9718F), ref: 00007FF769D9B2D7
                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF769D94F11,?,?,?,?,00007FF769D9A48A,?,?,?,?,00007FF769D9718F), ref: 00007FF769D9B30D
                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF769D94F11,?,?,?,?,00007FF769D9A48A,?,?,?,?,00007FF769D9718F), ref: 00007FF769D9B33A
                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF769D94F11,?,?,?,?,00007FF769D9A48A,?,?,?,?,00007FF769D9718F), ref: 00007FF769D9B34B
                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF769D94F11,?,?,?,?,00007FF769D9A48A,?,?,?,?,00007FF769D9718F), ref: 00007FF769D9B35C
                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FF769D94F11,?,?,?,?,00007FF769D9A48A,?,?,?,?,00007FF769D9718F), ref: 00007FF769D9B377
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                    • Opcode ID: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
                                                                                                                                                                                                                                                                    • Instruction ID: 630ecf4a024ff9a549c21c4df895b6ea319705895228ea5ef90ab235adfc6b71
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD114A20E0C642C2FA58BF66965123DF2A69F45BF0FD58735E82E47AD6DF2CAC014320
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF769D81B6A), ref: 00007FF769D8295E
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                                    • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                                                                                    • API String ID: 2050909247-2962405886
                                                                                                                                                                                                                                                                    • Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                                                                                                                                                                                                    • Instruction ID: 0b6b2a68e08c7efbcc02963d1f1b317ce3bf38c8076cc424044f11d513e47e1b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2931D822B18685D2E710BF65F9416E6F6A4BF847D8F800131EE8D8375AEF3CD546C210
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                                                    • String ID: Unhandled exception in script
                                                                                                                                                                                                                                                                    • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                                                    • Opcode ID: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
                                                                                                                                                                                                                                                                    • Instruction ID: 4144e2b3c498696513866705b566251325f93f1fb3f95b8b21c696c4d56fa17c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F313D62619A82D9EB20BF61E9552FAB370FF89788F840135EA4D47B9ADF3CD1058710
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF769D8918F,?,00007FF769D83C55), ref: 00007FF769D82BA0
                                                                                                                                                                                                                                                                    • MessageBoxW.USER32 ref: 00007FF769D82C2A
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                                                    • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                                                    • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                                                    • Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                                                                                                                                    • Instruction ID: 9d1b8c2ee78e074e2cdd13bf2a604bdfa6c178c9cb10ed61838ab321149a69d4
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8219C62708B41D2E710AF24F9447AAB7B4EB88784F800136EA8E57B5ADF3CD616C750
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF769D81B99), ref: 00007FF769D82760
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                                    • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                                                    • API String ID: 2050909247-1591803126
                                                                                                                                                                                                                                                                    • Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                                                                                                                                                                                                    • Instruction ID: 0d565339fd6e74803b879bfda936d757cfcf3921124f80d9be4ea40ad4aae06a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92219F72A18781D2E720AF61F9817EAF2B4EB883C4F800135EE8D53B5ADF3CD1468650
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _set_statfp
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1156100317-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF769D9A5A3,?,?,00000000,00007FF769D9A83E,?,?,?,?,?,00007FF769D9A7CA), ref: 00007FF769D9B3AF
                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF769D9A5A3,?,?,00000000,00007FF769D9A83E,?,?,?,?,?,00007FF769D9A7CA), ref: 00007FF769D9B3CE
                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF769D9A5A3,?,?,00000000,00007FF769D9A83E,?,?,?,?,?,00007FF769D9A7CA), ref: 00007FF769D9B3F6
                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF769D9A5A3,?,?,00000000,00007FF769D9A83E,?,?,?,?,?,00007FF769D9A7CA), ref: 00007FF769D9B407
                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF769D9A5A3,?,?,00000000,00007FF769D9A83E,?,?,?,?,?,00007FF769D9A7CA), ref: 00007FF769D9B418
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID: verbose
                                                                                                                                                                                                                                                                    • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: UTF-16LEUNICODE$UTF-8$ccs
• API String ID: 3215553584-1196891531
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
Similarity
• API ID: CurrentImageNonwritableUnwind__except_validate_context_record
• String ID: csm
• API String ID: 2395640692-1018135373
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
Similarity
• API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
• String ID: csm$csm
• API String ID: 3896166516-3733052814
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
Similarity
• API ID: CallEncodePointerTranslator
• String ID: MOC$RCC
• API String ID: 3544855599-2084237596
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
Similarity
• API ID: Message
• String ID: ERROR$Error$[PYI-%d:%ls]
• API String ID: 2030045667-255084403
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
Similarity
• API ID: FileWrite$ConsoleErrorLastOutput
• String ID:
• API String ID: 2718003287-0
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1956198572-0
                                                                                                                                                                                                                                                                    • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                                                    • Instruction ID: 48efed1479710ca3b56b93be5082fa0dec0c27c9ad00f002714a81f801e75625
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A411A921B1C546C2FA54AF6AE684279F6B1EB84BC4FD44030DB4907BDACF7DD5D68210
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID: ?
                                                                                                                                                                                                                                                                    • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                                                    • Opcode ID: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
                                                                                                                                                                                                                                                                    • Instruction ID: ae4f1f33985e120d34dab797adfb1d0775c1dd7991b2fb71a2ffea0e0b60fc61
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D341C122A08282D6FB64AF25E44137EB7B0EB91BA4F944235EE5C46FD9DF3CD4618710
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF769D99046
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769D9A948: RtlFreeHeap.NTDLL(?,?,?,00007FF769DA2D22,?,?,?,00007FF769DA2D5F,?,?,00000000,00007FF769DA3225,?,?,?,00007FF769DA3157), ref: 00007FF769D9A95E
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FF769D9A948: GetLastError.KERNEL32(?,?,?,00007FF769DA2D22,?,?,?,00007FF769DA2D5F,?,?,00000000,00007FF769DA3225,?,?,?,00007FF769DA3157), ref: 00007FF769D9A968
                                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF769D8CBA5), ref: 00007FF769D99064
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                    • String ID: C:\Users\user\Desktop\y3x8pjQ1Ci.exe
                                                                                                                                                                                                                                                                    • API String ID: 3580290477-844392156
                                                                                                                                                                                                                                                                    • Opcode ID: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
                                                                                                                                                                                                                                                                    • Instruction ID: 530b9ab8a0409c5d35515dfc9669d7e75ecfd464178dde5d9932147a431f8607
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6416C36A08A12CAEB15BF25D9800B9B7B4FB457D4B955035EA4E43B85DF3CE8828360
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                    • String ID: U
                                                                                                                                                                                                                                                                    • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                                    • Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                                                                                                                                                                                                    • Instruction ID: b861dd4060a61eadc113e2213eeda8bc1f7815bf6abe85ce89a9377a941d7db8
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B41A072B18A45C5DB60AF25E4443AAB7B0FB98784F844135EE4D87B98EF3CD841CB50
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentDirectory
                                                                                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                                                                                    • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                                                    • Opcode ID: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
                                                                                                                                                                                                                                                                    • Instruction ID: eb59a01321c12dc686bb5d0cd74668675a11bc86a95625ac1d6a00d64145c0c9
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4321A062A18781C1EB20BF19D04427EB3B1FB88B84FC64135EA9D43695DF7CED458B61
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID: ExceptionFileHeaderRaise
• String ID: csm
• API String ID: 2573137834-1018135373
• Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
• Instruction ID: 5db9f35e7ad994e02dfb7431ed71dbfd0b6a3703b508329884cfea4446d7ef09
• Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
• Instruction Fuzzy Hash: 04114C32618B85C2EB219F15F500259B7F4FB88B98F984631DB8D07B65DF3CC5618B40
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2453984835.00007FF769D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF769D80000, based on PE: true
• Associated: 00000000.00000002.2453965741.00007FF769D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454012323.00007FF769DAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454036641.00007FF769DC2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2454076781.00007FF769DC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff769d80000_y3x8pjQ1Ci.jbxd
Similarity
• API ID: DriveType_invalid_parameter_noinfo
• String ID: :
• API String ID: 2595371189-336475711
• Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
• Instruction ID: 53e46f395a31cf23310e934b1f41f6c93dd2d8922f79d917570454568af95504
• Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
• Instruction Fuzzy Hash: 4B017C66A18202C6EB20BF60E46127EB3B0EF49784FC00135D54D42A85EF3CE9148A24

Execution Graph

Execution Coverage: 0.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 1704
Total number of Limit Nodes: 11
4337 7ffdfaed678b ?event@QVariantAnimation@@MEAA_NPEAVQEvent@@ PyBool_FromLong 4336->4337 4338 7ffdfaed67a0 PyBool_FromLong 4336->4338 4340 7ffdfaed56f0 4341 7ffdfb022300 3 API calls 4340->4341 4342 7ffdfaed570a 4341->4342 4351 7ffdfaed20f0 4352 7ffdfaed210e PyType_GetFlags 4351->4352 4353 7ffdfaed212f 4351->4353 4354 7ffdfb022300 3 API calls 4353->4354 4355 7ffdfaed213e 4354->4355 4360 7ffdfb01ff50 PyDict_Next 4355->4360 4357 7ffdfaed218b 4358 7ffdfaed2156 4358->4357 4359 7ffdfb02233c free 4358->4359 4359->4357 4361 7ffdfb020127 4360->4361 4364 7ffdfb01ff90 4360->4364 4361->4358 4362 7ffdfb020092 ?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N ??0QByteArray@@QEAA@AEBV0@ ??0QVariant@@QEAA@AEBV0@ 4362->4364 4363 7ffdfb020040 ??M@YA_NAEBVQString@@0 4363->4364 4364->4361 4364->4362 4364->4363 4365 7ffdfb020072 ??M@YA_NAEBVQString@@0 4364->4365 4366 7ffdfb020107 PyDict_Next 4364->4366 4365->4362 4367 7ffdfb020083 ??4QVariant@@QEAAAEAV0@AEBV0@ 4365->4367 4366->4361 4366->4364 4367->4364 4405 7ffdfaed96e0 PyList_New 4406 7ffdfaed976b 4405->4406 4407 7ffdfaed9712 4405->4407 4407->4406 4408 7ffdfaed974a PyList_SetItem 4407->4408 4409 7ffdfaed9770 4407->4409 4408->4406 4408->4407 4409->4406 4410 7ffdfaed9776 _Py_Dealloc 4409->4410 4410->4406 4379 7ffdfaedd2e0 ??4?$QVector@VQPointF@@@@QEAAAEAV0@AEBV0@ 4385 7ffdfaede2e0 4386 7ffdfb022300 3 API calls 4385->4386 4387 7ffdfaede2fa ??0?$QVector@VQPointF@@@@QEAA@AEBV0@ 4386->4387 4388 7ffdfaee24e0 4389 7ffdfaee253d 4388->4389 4390 7ffdfaee2583 4389->4390 4391 7ffdfb022300 3 API calls 4389->4391 4392 7ffdfaee2550 ??0QThread@@QEAA@PEAVQObject@@ 4391->4392 4393 7ffdfaee18e0 4394 7ffdfaee1922 4393->4394 4395 7ffdfaee1926 ?isInterruptionRequested@QThread@ PyBool_FromLong 4394->4395 4396 7ffdfaee193f 4394->4396 4397 7ffdfaed86e0 4398 7ffdfaed872a 4397->4398 4399 7ffdfaed8754 4398->4399 4400 7ffdfaed872e ?setAnimated@QStateMachine@@QEAAX_N 4398->4400 4401 7ffdfaed84e0 4402 7ffdfaed8522 4401->4402 4403 7ffdfaed8526 
?isAnimated@QStateMachine@ PyBool_FromLong 4402->4403 4404 7ffdfaed853f 4402->4404 4417 7ffdfaed1ae0 4418 7ffdfaed1b2a 4417->4418 4419 7ffdfaed1b53 4418->4419 4420 7ffdfaed1b2e ?setExpiryTimeout@QThreadPool@@QEAAXH 4418->4420 4421 7ffdfaee90d0 4422 7ffdfaee9112 4421->4422 4423 7ffdfaee9176 4422->4423 4424 7ffdfaee9116 PyEval_SaveThread 4422->4424 4425 7ffdfb022300 3 API calls 4424->4425 4426 7ffdfaee9133 ?childGroups@QSettings@@QEBA?AVQStringList@ PyEval_RestoreThread 4425->4426 4427 7ffdfaee9167 4426->4427 4428 7ffdfaee5ed0 4429 7ffdfaee5f12 4428->4429 4430 7ffdfaee5f16 ?errorState@QState@@QEBAPEAVQAbstractState@ 4429->4430 4431 7ffdfaee5f40 4429->4431 4432 7ffdfaee5f3b 4430->4432 4433 7ffdfaee4ed0 PyList_New 4434 7ffdfaee4f5c 4433->4434 4435 7ffdfaee4f02 4433->4435 4435->4434 4436 7ffdfaee4f30 PyLong_FromLong 4435->4436 4437 7ffdfaee4f3b PyList_SetItem 4436->4437 4438 7ffdfaee4f61 4436->4438 4437->4434 4437->4435 4438->4434 4439 7ffdfaee4f67 _Py_Dealloc 4438->4439 4439->4434 4448 7ffdfaee3ed0 4449 7ffdfaee3ef2 4448->4449 4450 7ffdfaee3efa 4449->4450 4451 7ffdfaee3f71 4449->4451 4452 7ffdfaee3f3f 4449->4452 4455 7ffdfaee3f81 _Py_Dealloc 4451->4455 4457 7ffdfaee3f87 4451->4457 4453 7ffdfaee3f4a ?compare@QOperatingSystemVersion@@CAHAEBV1@0 4452->4453 4454 7ffdfaee3f5c PyBool_FromLong 4452->4454 4453->4454 4456 7ffdfaee3f57 4453->4456 4455->4457 4456->4454 4468 7ffdfaee1ad0 4469 7ffdfaee1b12 4468->4469 4470 7ffdfaee1b16 ?loopLevel@QThread@ PyLong_FromLong 4469->4470 4471 7ffdfaee1b2e 4469->4471 4472 7ffdfaee22d0 4473 7ffdfaee2332 4472->4473 4474 7ffdfaee238d 4473->4474 4475 7ffdfb022300 3 API calls 4473->4475 4476 7ffdfaee2340 ?adjusted@QRect@@QEBA?AV1@HHHH 4475->4476 4477 7ffdfaee2388 4476->4477 4478 7ffdfaed42d0 4479 7ffdfaed42f4 PyType_IsSubtype 4478->4479 4482 7ffdfaed431d 4478->4482 4480 7ffdfaed4301 4479->4480 4479->4482 4481 7ffdfaed440a 4482->4481 4483 7ffdfaed43b7 4482->4483 4484 7ffdfaed4380 ??IQRectF@@QEBA?AV0@AEBV0@ 4482->4484 4485 7ffdfaed43da 4483->4485 
4486 7ffdfaed43cf _Py_Dealloc 4483->4486 4485->4481 4487 7ffdfaed43e3 PyErr_Clear 4485->4487 4486->4485 4488 7ffdfaed3ed0 4489 7ffdfaed3f25 4488->4489 4490 7ffdfaed3f29 ?contains@QThreadPool@@QEBA_NPEBVQThread@@ PyBool_FromLong 4489->4490 4491 7ffdfaed3f47 4489->4491 4492 7ffdfaed74d0 4493 7ffdfaed7525 4492->4493 4494 7ffdfaed7529 ?addState@QStateMachine@@QEAAXPEAVQAbstractState@@ 4493->4494 4495 7ffdfaed754f 4493->4495 4512 7ffdfaee0ac0 4513 7ffdfaee0ae0 4512->4513 4514 7ffdfaee0b85 4513->4514 4515 7ffdfaee0b5b ?event@QParallelAnimationGroup@@MEAA_NPEAVQEvent@@ PyBool_FromLong 4513->4515 4516 7ffdfaee0b70 PyBool_FromLong 4513->4516 4518 7ffdfaee14c0 4519 7ffdfaee14e0 4518->4519 4520 7ffdfaee155a ?updateDirection@QParallelAnimationGroup@@MEAAXW4Direction@QAbstractAnimation@@ 4519->4520 4521 7ffdfaee1562 4519->4521 4520->4521 4531 7ffdfaee48c0 4532 7ffdfaee4902 4531->4532 4533 7ffdfaee493d 4532->4533 4534 7ffdfb022300 3 API calls 4532->4534 4535 7ffdfaee4910 ?transposed@QRect@@QEBA?AV1 4534->4535 4536 7ffdfaee4938 4535->4536 4542 7ffdfaedcac0 PyList_New 4543 7ffdfaedcb79 4542->4543 4546 7ffdfaedcafe 4542->4546 4544 7ffdfb022300 3 API calls 4545 7ffdfaedcb1a ??0QLocale@@QEAA@AEBV0@ 4544->4545 4545->4546 4546->4543 4546->4544 4547 7ffdfaedcb5b PyList_SetItem 4546->4547 4548 7ffdfaedcb7e 4546->4548 4547->4543 4547->4546 4549 7ffdfaedcb99 4548->4549 4550 7ffdfaedcb83 ??1QLocale@@QEAA 4548->4550 4549->4543 4552 7ffdfaedcb9f _Py_Dealloc 4549->4552 4551 7ffdfb02233c free 4550->4551 4551->4549 4552->4543 4553 7ffdfaedf0c0 PyObject_GetIter 4554 7ffdfaedf14b 4553->4554 4555 7ffdfaedf0f4 PyErr_Clear 4553->4555 4560 7ffdfb022300 3 API calls 4554->4560 4568 7ffdfaedf353 4554->4568 4556 7ffdfaedf11e 4555->4556 4557 7ffdfaedf0ff 4555->4557 4558 7ffdfaedf105 _Py_Dealloc 4557->4558 4559 7ffdfaedf10e PyType_GetFlags 4557->4559 4558->4559 4559->4556 4561 7ffdfaedf176 PyErr_Clear PyIter_Next 4560->4561 4562 7ffdfaedf30a PyErr_Occurred 4561->4562 4563 7ffdfaedf1a6 PyErr_Clear 
PyFloat_AsDouble PyErr_Occurred 4561->4563 4565 7ffdfaedf319 4562->4565 4566 7ffdfaedf3ff 4562->4566 4564 7ffdfaedf379 PyErr_Format 4563->4564 4579 7ffdfaedf1c7 4563->4579 4577 7ffdfaedf3ac _Py_Dealloc 4564->4577 4584 7ffdfaedf3b5 4564->4584 4571 7ffdfaedf32f ?dispose@QListData@@SAXPEAUData@1@ 4565->4571 4573 7ffdfaedf338 4565->4573 4567 7ffdfaedf404 _Py_Dealloc 4566->4567 4566->4568 4567->4568 4569 7ffdfaedf1d5 ?detach_grow@QListData@@QEAAPEAUData@1@PEAHH 4569->4579 4570 7ffdfaedf2c1 ?append@QListData@ 4570->4579 4571->4573 4574 7ffdfb02233c free 4573->4574 4580 7ffdfaedf345 4574->4580 4575 7ffdfaedf2dc PyErr_Clear PyIter_Next 4575->4563 4582 7ffdfaedf2fa 4575->4582 4576 7ffdfaedf2d3 _Py_Dealloc 4576->4575 4577->4584 4578 7ffdfaedf230 memcpy 4578->4579 4579->4569 4579->4570 4579->4575 4579->4576 4579->4578 4581 7ffdfaedf2a1 ?dispose@QListData@@SAXPEAUData@1@ 4579->4581 4585 7ffdfaedf27a memcpy 4579->4585 4580->4568 4586 7ffdfaedf34a _Py_Dealloc 4580->4586 4581->4579 4582->4562 4583 7ffdfaedf3cb ?dispose@QListData@@SAXPEAUData@1@ 4587 7ffdfaedf3d4 4583->4587 4584->4583 4584->4587 4585->4579 4586->4568 4588 7ffdfb02233c free 4587->4588 4589 7ffdfaedf3e1 4588->4589 4589->4568 4590 7ffdfaedf3e6 _Py_Dealloc 4589->4590 4590->4568 4591 7ffdfaee00c0 4592 7ffdfaee0116 4591->4592 4593 7ffdfaee01a6 ?moveTo@QRect@@QEAAXAEBVQPoint@@ 4592->4593 4594 7ffdfaee011a 4592->4594 4593->4594 4595 7ffdfaed7ac0 4596 7ffdfaed7b02 4595->4596 4597 7ffdfaed7b3d 4596->4597 4598 7ffdfb022300 3 API calls 4596->4598 4599 7ffdfaed7b10 ?normalized@QRect@@QEBA?AV1 4598->4599 4600 7ffdfaed7b38 4599->4600 4601 7ffdfaed1ec0 4602 7ffdfaed1ec5 4601->4602 4604 7ffdfaed1efe 4601->4604 4603 7ffdfb02233c free 4602->4603 4603->4604 4605 7ffdfaed26c0 4606 7ffdfaed2702 4605->4606 4607 7ffdfaed2706 PyEval_SaveThread ?reserveThread@QThreadPool@ PyEval_RestoreThread 4606->4607 4608 7ffdfaed2743 4606->4608 4609 7ffdfaed40c0 4610 7ffdfaed411d 4609->4610 4611 7ffdfaed4169 4610->4611 4612 7ffdfb022300 3 API calls 
4610->4612 4613 7ffdfaed4130 ??0QSignalMapper@@QEAA@PEAVQObject@@ 4612->4613 4617 7ffdfaeeaeb0 4618 7ffdfaeeaf0f 4617->4618 4619 7ffdfaeeaf7c 4618->4619 4620 7ffdfaeeaf13 PyEval_SaveThread ?remove@QSettings@@QEAAXAEBVQString@@ PyEval_RestoreThread 4618->4620 4621 7ffdfaeeaf61 4620->4621 4622 7ffdfaeeacb0 4623 7ffdfaeead07 4622->4623 4624 7ffdfaeead0b 4623->4624 4625 7ffdfaeead4d 4623->4625 4626 7ffdfb022300 3 API calls 4624->4626 4627 7ffdfaeead70 4625->4627 4629 7ffdfaeead65 _Py_Dealloc 4625->4629 4628 7ffdfaeead15 ??IQRect@@QEBA?AV0@AEBV0@ 4626->4628 4630 7ffdfaeead42 4628->4630 4629->4627 4631 7ffdfaedeeb0 4632 7ffdfaedef3c 4631->4632 4633 7ffdfaedef92 4632->4633 4634 7ffdfaedef40 ?setUserInfo@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@ 4632->4634 4635 7ffdfaedef79 4634->4635 4636 7ffdfaee32b0 4637 7ffdfaee32f3 4636->4637 4638 7ffdfaee335a 4637->4638 4639 7ffdfb022300 3 API calls 4637->4639 4640 7ffdfaee3306 ?fromLocalFile@QUrl@@SA?AV1@AEBVQString@@ 4639->4640 4641 7ffdfaee3336 4640->4641 4642 7ffdfaede4b0 4643 7ffdfaede4f2 4642->4643 4644 7ffdfaede4f6 ?quit@QThread@ 4643->4644 4645 7ffdfaede517 4643->4645 4646 7ffdfaeda2b0 4647 7ffdfaeda30f 4646->4647 4648 7ffdfaeda313 ?setKey@QSharedMemory@@QEAAXAEBVQString@@ 4647->4648 4649 7ffdfaeda360 4647->4649 4650 7ffdfaeda34a 4648->4650 4651 7ffdfaed92b0 4652 7ffdfaed92f1 4651->4652 4653 7ffdfaed931c 4652->4653 4654 7ffdfaed930e PyBool_FromLong 4652->4654 4670 7ffdfaee54b0 4671 7ffdfaee54c6 4670->4671 4672 7ffdfaee5555 4670->4672 4677 7ffdfaf4d270 4671->4677 4675 7ffdfaee5542 ?dispose@QListData@@SAXPEAUData@1@ 4675->4672 4676 7ffdfaee5530 ??1QCommandLineOption@@QEAA 4676->4675 4676->4676 4678 7ffdfaf4d2a6 ?detach@QListData@@QEAAPEAUData@1@H 4677->4678 4679 7ffdfaee54d3 4677->4679 4678->4679 4680 7ffdfaf4d2ee 4678->4680 4679->4672 4679->4675 4679->4676 4681 7ffdfaf4d2f0 ??0QRegularExpression@@QEAA@AEBV0@ 4680->4681 4681->4679 4681->4681 4690 7ffdfaee72b0 4691 7ffdfaee730d 4690->4691 4692 7ffdfaee7311 
?setInitialState@QState@@QEAAXPEAVQAbstractState@@ 4691->4692 4694 7ffdfaee7356 4691->4694 4693 7ffdfaee7340 4692->4693 4695 7ffdfaee76b0 4696 7ffdfaee76d6 4695->4696 4697 7ffdfaee770c 4696->4697 4698 7ffdfb022300 3 API calls 4696->4698 4699 7ffdfaee76e4 ?idnWhitelist@QUrl@@SA?AVQStringList@ 4698->4699 4700 7ffdfaee7707 4699->4700 4701 7ffdfaed5eb0 4702 7ffdfaed5eb5 4701->4702 4706 7ffdfaed5ecf 4701->4706 4707 7ffdfaf4e730 4702->4707 4705 7ffdfb02233c free 4705->4706 4710 7ffdfaf4e73d 4707->4710 4708 7ffdfaed5ec2 4708->4705 4709 7ffdfaf4e792 ?dispose@QListData@@SAXPEAUData@1@ 4709->4708 4710->4708 4710->4709 4711 7ffdfaf4e780 ??1QUrl@@QEAA 4710->4711 4711->4709 4711->4711 4716 7ffdfaed14b0 ??0QByteArray@@QEAA@PEBDH 4717 7ffdfb0227b8 4716->4717 3631 7ffdfb016000 3632 7ffdfb016017 PyErr_Fetch 3631->3632 3633 7ffdfb01638a 3631->3633 3634 7ffdfb01604e PySys_GetObject 3632->3634 3635 7ffdfb01603a PySys_GetObject 3632->3635 3636 7ffdfb016064 PyErr_Restore PyErr_Print 3634->3636 3637 7ffdfb016097 3634->3637 3635->3634 3638 7ffdfb0160ae PyImport_ImportModule 3637->3638 3639 7ffdfb0160e9 3637->3639 3638->3639 3640 7ffdfb0160c3 PyObject_GetAttrString 3638->3640 3641 7ffdfb0160f4 PySys_GetObject 3639->3641 3658 7ffdfb016155 3639->3658 3640->3639 3642 7ffdfb0160e0 _Py_Dealloc 3640->3642 3643 7ffdfb016161 PyErr_Restore PyErr_Print ??0QByteArray@@QEAA@PEBDH 3641->3643 3644 7ffdfb016109 PyObject_CallObject 3641->3644 3642->3639 3646 7ffdfb01631f 6 API calls 3643->3646 3647 7ffdfb0161a9 PySys_SetObject 3643->3647 3644->3643 3645 7ffdfb016120 PySys_SetObject 3644->3645 3645->3643 3648 7ffdfb016137 3645->3648 3646->3633 3649 7ffdfb0161cd PyObject_CallMethod 3647->3649 3650 7ffdfb0161c4 _Py_Dealloc 3647->3650 3653 7ffdfb01613d _Py_Dealloc 3648->3653 3654 7ffdfb016146 3648->3654 3651 7ffdfb01630b 3649->3651 3652 7ffdfb0161ec PyObject_CallMethod 3649->3652 3650->3649 3651->3646 3655 7ffdfb016316 _Py_Dealloc 3651->3655 3656 7ffdfb01621e PyObject_GetAttrString 3652->3656 3657 
7ffdfb01620c 3652->3657 3653->3654 3654->3658 3659 7ffdfb01614c _Py_Dealloc 3654->3659 3655->3646 3662 7ffdfb0162f7 3656->3662 3663 7ffdfb01623a PyUnicode_AsUTF8String 3656->3663 3660 7ffdfb016212 _Py_Dealloc 3657->3660 3661 7ffdfb01621b 3657->3661 3658->3643 3659->3658 3660->3661 3661->3656 3662->3651 3666 7ffdfb016302 _Py_Dealloc 3662->3666 3664 7ffdfb0162e2 3663->3664 3665 7ffdfb016254 PyBytes_AsString PyUnicode_AsEncodedString 3663->3665 3664->3662 3669 7ffdfb0162ee _Py_Dealloc 3664->3669 3667 7ffdfb01627d PyBytes_Size PyBytes_AsString ??0QByteArray@@QEAA@PEBDH ??4QByteArray@@QEAAAEAV0@$$QEAV0@ ??1QByteArray@@QEAA 3665->3667 3668 7ffdfb0162ce 3665->3668 3666->3651 3667->3668 3670 7ffdfb0162c5 _Py_Dealloc 3667->3670 3668->3664 3671 7ffdfb0162d9 _Py_Dealloc 3668->3671 3669->3662 3670->3668 3671->3664 4718 7ffdfb011c00 4719 7ffdfb011c0f ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@ ??1QByteArray@@QEAA 4718->4719 4720 7ffdfb011c71 4718->4720 4719->4720 4721 7ffdfaee94a0 4722 7ffdfaee9501 4721->4722 4723 7ffdfaee954b 4722->4723 4724 7ffdfaee9505 ?setCodec@QTextStream@@QEAAXPEAVQTextCodec@@ 4722->4724 4726 7ffdfaee95a0 ?setCodec@QTextStream@@QEAAXPEBD 4723->4726 4727 7ffdfaee95cd 4723->4727 4725 7ffdfaee9534 4724->4725 4726->4725 4728 7ffdfaee95c2 _Py_Dealloc 4726->4728 4728->4725 4729 7ffdfaedeaa0 4730 7ffdfaedeb17 4729->4730 4731 7ffdfaedeb1b PyEval_SaveThread ?wait@QThread@@QEAA_NK PyEval_RestoreThread PyBool_FromLong 4730->4731 4732 7ffdfaedeb5b 4730->4732 4733 7ffdfaedebcb ?wait@QThread@@QEAA_NVQDeadlineTimer@@ PyBool_FromLong 4732->4733 4734 7ffdfaedec05 4732->4734 4735 7ffdfaedfaa0 4736 7ffdfaedfae2 4735->4736 4737 7ffdfaedfb26 4736->4737 4738 7ffdfaedfae6 PyEval_SaveThread ?exec@QThread@ PyEval_RestoreThread PyLong_FromLong 4736->4738 4755 7ffdfaed16a0 4756 7ffdfaed16b9 4755->4756 4758 7ffdfaed16c4 4755->4758 4757 
7ffdfaed16d1 ?createData@QMapDataBase@@SAPEAU1 4756->4757 4756->4758 4757->4758 4759 7ffdfaed16e6 4757->4759 4760 7ffdfaed16ee ?recalcMostLeftNode@QMapDataBase@ 4759->4760 4760->4758 4765 7ffdfaee8a90 4767 7ffdfaee8ab0 4765->4767 4766 7ffdfaee8b55 4767->4766 4768 7ffdfaee8b2b ?event@QState@@MEAA_NPEAVQEvent@@ PyBool_FromLong 4767->4768 4769 7ffdfaee8b40 PyBool_FromLong 4767->4769 4771 7ffdfaee9a90 4772 7ffdfaee9b2b 4771->4772 4773 7ffdfaee9b84 4772->4773 4774 7ffdfaee9b2f ?setQuery@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@ 4772->4774 4775 7ffdfaee9b6e 4773->4775 4776 7ffdfaee9bf3 ?setQuery@QUrl@@QEAAXAEBVQUrlQuery@@ 4773->4776 4774->4775 4776->4775 4777 7ffdfaeda690 4778 7ffdfaeda6d2 4777->4778 4779 7ffdfaeda70d 4778->4779 4780 7ffdfb022300 3 API calls 4778->4780 4781 7ffdfaeda6e0 ?applicationName@QSettings@@QEBA?AVQString@ 4780->4781 4782 7ffdfaeda708 4781->4782 4799 7ffdfaedb680 4800 7ffdfaedb6c2 4799->4800 4801 7ffdfaedb6c6 ?start@QStateMachine@ 4800->4801 4802 7ffdfaedb6e7 4800->4802 4807 7ffdfaee6a80 4808 7ffdfaee6ad5 4807->4808 4809 7ffdfaee6ad9 ?removeTransition@QState@@QEAAXPEAVQAbstractTransition@@ 4808->4809 4810 7ffdfaee6aff 4808->4810 4811 7ffdfaed3680 4812 7ffdfaed36c2 4811->4812 4813 7ffdfaed36ca PyEval_SaveThread ?sender@QObject@@IEBAPEAV1 PyEval_RestoreThread 4812->4813 4814 7ffdfaed374e 4812->4814 4815 7ffdfaed36fe 4813->4815 4816 7ffdfb01a850 PyGILState_Ensure 4817 7ffdfb01a86d 4816->4817 4818 7ffdfb01a870 PyGILState_Release 4816->4818 4817->4818 4819 7ffdfaed9a70 4820 7ffdfaed9ab2 4819->4820 4821 7ffdfaed9ab6 PyLong_FromLong 4820->4821 4822 7ffdfaed9ac8 4820->4822 4828 7ffdfaed3270 4829 7ffdfaed32ce 4828->4829 4830 7ffdfaed32d6 4829->4830 4831 7ffdfaed3371 4829->4831 4832 7ffdfb022300 3 API calls 4830->4832 4833 7ffdfaed339d 4831->4833 4835 7ffdfaed338f _Py_Dealloc 4831->4835 4834 7ffdfaed32e0 ??0QRectF@@QEAA@AEBVQPointF@@AEBVQSizeF@@ 4832->4834 4836 7ffdfaed3363 4834->4836 4835->4833 4837 7ffdfaed2270 4838 7ffdfaed22b2 4837->4838 4839 
7ffdfaed22f6 4838->4839 4840 7ffdfaed22b6 PyEval_SaveThread ?activeThreadCount@QThreadPool@ PyEval_RestoreThread PyLong_FromLong 4838->4840 4841 7ffdfaedba60 4842 7ffdfaedbaa2 4841->4842 4843 7ffdfaedbaeb 4842->4843 4844 7ffdfaedbaa6 ?type@QSocketNotifier@@QEBA?AW4Type@1 ?socket@QSocketNotifier@ 4842->4844 4845 7ffdfaedbadc 4844->4845 4846 7ffdfaedaa60 4847 7ffdfaedaaaa 4846->4847 4848 7ffdfaedaaae ?cancelDelayedEvent@QStateMachine@@QEAA_NH PyBool_FromLong 4847->4848 4849 7ffdfaedaacb 4847->4849 4850 7ffdfaee1660 4851 7ffdfaee16cf 4850->4851 4852 7ffdfaee1741 4851->4852 4853 7ffdfb022300 3 API calls 4851->4853 4854 7ffdfaee16e2 ?host@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@ 4853->4854 4855 7ffdfaee171d 4854->4855 4860 7ffdfaee9c50 ??0QVariant@@QEAA 4861 7ffdfaee9d23 4860->4861 4862 7ffdfaee9d2b 6 API calls 4861->4862 4863 7ffdfaee9dd7 ??1QVariant@@QEAA 4861->4863 4868 7ffdfb01f980 4862->4868 4866 7ffdfaee9e07 4863->4866 4865 7ffdfaee9d81 ??1QVariant@@QEAA ??1QVariant@@QEAA 4865->4866 4869 7ffdfb01fdca 4868->4869 4873 7ffdfb01f994 4868->4873 4870 7ffdfb022300 3 API calls 4869->4870 4871 7ffdfb01fdd4 ??0QVariant@@QEAA@AEBV0@ 4870->4871 4874 7ffdfb01fdfe 4871->4874 4872 7ffdfb01f9a4 4872->4865 4873->4872 4875 7ffdfb01fd5f 4873->4875 4876 7ffdfb01f9cb 4873->4876 4877 7ffdfb01fe21 4874->4877 4882 7ffdfb01fe0b ??1QVariant@@QEAA 4874->4882 4878 7ffdfb01fd75 ??0QVariant@@QEAA@W4Type@0@ 4875->4878 4879 7ffdfb01fd68 PyObject_CallObject 4875->4879 4880 7ffdfb01fa01 ?type@QVariant@@QEBA?AW4Type@1 4876->4880 4881 7ffdfb01f9dc ?type@QVariant@@QEBA?AW4Type@1 4876->4881 4892 7ffdfb01fc1f 4876->4892 4877->4865 4883 7ffdfb012480 4878->4883 4879->4892 4886 7ffdfb01fb9f 4880->4886 4887 7ffdfb01fa13 4880->4887 4884 7ffdfb01f9f8 4881->4884 4885 7ffdfb01f9ea ?convert@QVariant@@QEAA_NH 4881->4885 4888 7ffdfb02233c free 4882->4888 4889 7ffdfb01fd8d ??1QVariant@@QEAA 4883->4889 4884->4880 4891 7ffdfb01fba8 ?type@QVariant@@QEBA?AW4Type@1 4884->4891 4885->4884 
4886->4891 4894 7ffdfb01fc75 ?type@QVariant@@QEBA?AW4Type@1 4886->4894 4887->4892 4893 7ffdfb01fa1c ?toList@QVariant@@QEBA?AV?$QList@VQVariant@@@ PyList_New 4887->4893 4888->4877 4889->4892 4897 7ffdfb01fbba ?toMap@QVariant@@QEBA?AV?$QMap@VQString@@VQVariant@@@ PyDict_New 4891->4897 4898 7ffdfb01fc6c 4891->4898 4939 7ffdfb00ef50 4892->4939 4903 7ffdfb01faf6 4893->4903 4904 7ffdfb01fa52 4893->4904 4894->4892 4896 7ffdfb01fc87 ?toHash@QVariant@@QEBA?AV?$QHash@VQString@@VQVariant@@@ PyDict_New 4894->4896 4910 7ffdfb01fcc6 4896->4910 4913 7ffdfb01fca6 4896->4913 4897->4892 4911 7ffdfb01fbd9 4897->4911 4898->4892 4898->4894 4901 7ffdfb01fb78 ?dispose@QListData@@SAXPEAUData@1@ 4901->4892 4902 7ffdfb01fa70 ??0QVariant@@QEAA@AEBV0@ ?convert@QVariant@@QEAA_NH 4902->4904 4905 7ffdfb01fa9c ??4QVariant@@QEAAAEAV0@AEBV0@ 4902->4905 4903->4892 4903->4901 4908 7ffdfb01fb5d ??1QVariant@@QEAA 4903->4908 4904->4902 4904->4903 4914 7ffdfb01fab7 ??1QVariant@@QEAA 4904->4914 4905->4904 4906 7ffdfb01fd2b ?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z 4906->4892 4912 7ffdfb02233c free 4908->4912 4909 7ffdfb01f810 10 API calls 4909->4913 4910->4892 4910->4906 4911->4892 4915 7ffdfb01fc21 4911->4915 4916 7ffdfb01fc07 ?nextNode@QMapNodeBase@@QEBAPEBU1 4911->4916 4924 7ffdfb01f810 4911->4924 4912->4903 4913->4909 4913->4910 4917 7ffdfb01fce7 ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@ 4913->4917 4918 7ffdfb01fcfa 4913->4918 4919 7ffdfb01face PyList_SetItem 4914->4919 4920 7ffdfb01fb86 4914->4920 4915->4892 4921 7ffdfb01fc27 _Py_Dealloc 4915->4921 4916->4892 4916->4911 4917->4910 4917->4913 4918->4910 4923 7ffdfb01fd00 _Py_Dealloc 4918->4923 4919->4902 4919->4903 4920->4903 4922 7ffdfb01fb91 _Py_Dealloc 4920->4922 4921->4892 4922->4903 4923->4910 4925 7ffdfb022300 3 API calls 4924->4925 4926 7ffdfb01f840 ??0QByteArray@@QEAA@AEBV0@ 4925->4926 4927 7ffdfb01f86a 4926->4927 4928 7ffdfb01f872 4927->4928 4931 7ffdfb01f894 4927->4931 4929 7ffdfb01f877 ??1QString@@QEAA 4928->4929 4932 7ffdfb01f88d 
4928->4932 4930 7ffdfb02233c free 4929->4930 4930->4932 4933 7ffdfb01f8bd PyDict_SetItem 4931->4933 4934 7ffdfb01f8a7 4931->4934 4932->4911 4936 7ffdfb01f8dd 4933->4936 4937 7ffdfb01f8d4 _Py_Dealloc 4933->4937 4934->4932 4935 7ffdfb01f8ad _Py_Dealloc 4934->4935 4935->4932 4936->4932 4938 7ffdfb01f8e3 _Py_Dealloc 4936->4938 4937->4936 4938->4932 4940 7ffdfb00ef6e ??1QByteArray@@QEAA 4939->4940 4941 7ffdfb00ef62 4939->4941 4941->4940 4942 7ffdfb00ef68 _Py_Dealloc 4941->4942 4942->4940 4947 7ffdfaee6050 ??0QByteArray@@QEAA ??0QByteArray@@QEAA 4948 7ffdfaee6127 4947->4948 4949 7ffdfaee61de ??1QByteArray@@QEAA ??1QByteArray@@QEAA 4948->4949 4950 7ffdfaee612f 4948->4950 4952 7ffdfaee6218 4949->4952 4951 7ffdfb022300 3 API calls 4950->4951 4953 7ffdfaee6139 ?toPercentEncoding@QUrl@@SA?AVQByteArray@@AEBVQString@@AEBV2@1 4951->4953 4954 7ffdfaee616e ??1QByteArray@@QEAA ??1QByteArray@@QEAA 4953->4954 4954->4952 4987 7ffdfaedbc50 4988 7ffdfaedbc9a 4987->4988 4989 7ffdfaedbcc4 4988->4989 4990 7ffdfaedbc9e ?setRunning@QStateMachine@@QEAAX_N 4988->4990 4956 7ffdfaede850 PyObject_GetIter 4957 7ffdfaede8d5 4956->4957 4958 7ffdfaede87e PyErr_Clear 4956->4958 4959 7ffdfaede9ef 4957->4959 4964 7ffdfb022300 3 API calls 4957->4964 4960 7ffdfaede889 4958->4960 4961 7ffdfaede8a8 4958->4961 4962 7ffdfaede898 PyType_GetFlags 4960->4962 4963 7ffdfaede88f _Py_Dealloc 4960->4963 4962->4961 4963->4962 4965 7ffdfaede8f3 ??0QByteArray@@QEAA PyErr_Clear PyIter_Next 4964->4965 4966 7ffdfaede9b7 PyErr_Occurred 4965->4966 4969 7ffdfaede91c 4965->4969 4967 7ffdfaede9c6 4966->4967 4968 7ffdfaedea71 4966->4968 4970 7ffdfaede9cb ??1?$QVector@VQPointF@@@@QEAA 4967->4970 4971 7ffdfaede9e1 4967->4971 4968->4959 4972 7ffdfaedea76 _Py_Dealloc 4968->4972 4975 7ffdfaedea0a PyErr_Format 4969->4975 4976 7ffdfaede95b ?append@?$QVector@VQPointF@@@@QEAAXAEBVQPointF@@ 4969->4976 4980 7ffdfaede98b _Py_Dealloc 4969->4980 4981 7ffdfaede994 PyErr_Clear PyIter_Next 4969->4981 4973 7ffdfb02233c free 4970->4973 4971->4959 
4974 7ffdfaede9e6 _Py_Dealloc 4971->4974 4972->4959 4973->4971 4974->4959 4978 7ffdfaedea46 4975->4978 4979 7ffdfaedea3d _Py_Dealloc 4975->4979 4976->4969 4982 7ffdfaedea4b ??1?$QVector@VQPointF@@@@QEAA 4978->4982 4983 7ffdfaedea61 4978->4983 4979->4978 4980->4981 4981->4969 4984 7ffdfaede9b2 4981->4984 4985 7ffdfb02233c free 4982->4985 4983->4959 4986 7ffdfaedea66 _Py_Dealloc 4983->4986 4984->4966 4985->4983 4986->4959 4998 7ffdfaede450 4999 7ffdfaede470 4998->4999 5000 7ffdfaede455 ??1?$QVector@VQPointF@@@@QEAA 4998->5000 5001 7ffdfb02233c free 5000->5001 5001->4999 4943 7ffdfaee0850 4944 7ffdfaee087b 4943->4944 4945 7ffdfaee087f PyEval_SaveThread ?sleep@QThread@@SAXK PyEval_RestoreThread 4944->4945 4946 7ffdfaee08bb 4944->4946 4991 7ffdfaedfc50 PyList_New 4992 7ffdfaedfc82 4991->4992 4993 7ffdfaedfcdf 4991->4993 4992->4993 4994 7ffdfaedfcb3 PyFloat_FromDouble 4992->4994 4995 7ffdfaedfce4 4994->4995 4996 7ffdfaedfcbe PyList_SetItem 4994->4996 4995->4993 4997 7ffdfaedfcea _Py_Dealloc 4995->4997 4996->4992 4996->4993 4997->4993 5010 7ffdfaed9840 5011 7ffdfaed989c 5010->5011 5012 7ffdfaed994a 5011->5012 5013 7ffdfaed98a4 ?removeDefaultAnimation@QStateMachine@@QEAAXPEAVQAbstractAnimation@@ 5011->5013 5014 7ffdfaed98d1 5013->5014 5015 7ffdfaed98d9 PyList_Size 5014->5015 5020 7ffdfaed9929 5014->5020 5017 7ffdfaed98e7 5015->5017 5015->5020 5016 7ffdfaed98f0 PyList_GetItem 5016->5017 5018 7ffdfaed9903 PyList_SetSlice 5016->5018 5017->5016 5019 7ffdfaed991b PyList_Size 5017->5019 5018->5019 5019->5016 5019->5020 5021 7ffdfaede040 5022 7ffdfaede0cc 5021->5022 5023 7ffdfaede122 5022->5023 5024 7ffdfaede0d0 ?setAuthority@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@ 5022->5024 5025 7ffdfaede109 5024->5025 5026 7ffdfaedec40 5027 7ffdfaedec82 5026->5027 5028 7ffdfb022300 3 API calls 5027->5028 5029 7ffdfaedecbd 5027->5029 5030 7ffdfaedec90 ?size@QRect@@QEBA?AVQSize@ 5028->5030 5031 7ffdfaedecb8 5030->5031 5032 7ffdfaee7040 5033 7ffdfaee7083 5032->5033 5034 7ffdfaee70ea 5033->5034 
5035 7ffdfb022300 3 API calls 5033->5035 5036 7ffdfaee7096 ?fromAce@QUrl@@SA?AVQString@@AEBVQByteArray@@ 5035->5036 5037 7ffdfaee70c6 5036->5037 5042 7ffdfaed4840 5043 7ffdfaed4864 PyType_IsSubtype 5042->5043 5046 7ffdfaed488d 5042->5046 5044 7ffdfaed4871 5043->5044 5043->5046 5045 7ffdfaed497a 5046->5045 5047 7ffdfaed4927 5046->5047 5048 7ffdfaed48f0 ??UQRectF@@QEBA?AV0@AEBV0@ 5046->5048 5049 7ffdfaed494a 5047->5049 5050 7ffdfaed493f _Py_Dealloc 5047->5050 5049->5045 5051 7ffdfaed4953 PyErr_Clear 5049->5051 5050->5049 5052 7ffdfaed2440 5053 7ffdfaed2497 5052->5053 5054 7ffdfaed249b ?mapping@QSignalMapper@@QEBAPEAVQObject@@H 5053->5054 5055 7ffdfaed24cd 5053->5055 5056 7ffdfaed24c2 5054->5056 5057 7ffdfaed252a ?mapping@QSignalMapper@@QEBAPEAVQObject@@AEBVQString@@ 5055->5057 5058 7ffdfaed257d 5055->5058 5059 7ffdfaed2558 5057->5059 5060 7ffdfaed25ca ?mapping@QSignalMapper@@QEBAPEAVQObject@@PEAVQWidget@@ 5058->5060 5061 7ffdfaed25fd 5058->5061 5062 7ffdfaed25f2 5060->5062 5063 7ffdfaed264a ?mapping@QSignalMapper@@QEBAPEAVQObject@@PEAV2@ 5061->5063 5064 7ffdfaed267d 5061->5064 5065 7ffdfaed2672 5063->5065 5066 7ffdfaed9c30 5067 7ffdfaed9d0b 5066->5067 5068 7ffdfaed9c55 5066->5068 5069 7ffdfaed9c62 5068->5069 5070 7ffdfaed9c6d ?detach@QListData@@QEAAPEAUData@1@H 5068->5070 5069->5067 5071 7ffdfaed9d00 ?dispose@QListData@@SAXPEAUData@1@ 5069->5071 5070->5069 5071->5067 5072 7ffdfaedd030 5073 7ffdfaedd072 5072->5073 5074 7ffdfaedd09c 5073->5074 5075 7ffdfaedd076 ?priority@QThread@@QEBA?AW4Priority@1 5073->5075 5076 7ffdfaedd097 5075->5076 5077 7ffdfaedf430 5078 7ffdfaedf486 5077->5078 5079 7ffdfaedf48a 5078->5079 5080 7ffdfaedf50a ?translate@QRect@@QEAAXAEBVQPoint@@ 5078->5080 5080->5079 5081 7ffdfaee1830 5082 7ffdfaee1885 5081->5082 5083 7ffdfaee1889 ?moveBottomLeft@QRect@@QEAAXAEBVQPoint@@ 5082->5083 5084 7ffdfaee18af 5082->5084 5085 7ffdfaed8030 5086 7ffdfaed80bc 5085->5086 5087 7ffdfaed80c0 ?contains@QRect@@QEBA_NAEBVQPoint@@_N PyBool_FromLong 5086->5087 5089 

Control-flow Graph

• Executed
• Not Executed
Memory Dump Source
• Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
Similarity
• API ID: Dealloc$Array@@ByteObjectString$Err_Object_Sys_$Bytes_CallRestore$AttrEval_Logger@@MessageMethodPrintThreadUnicode_$?data@?fatal@EncodedFetchImportImport_ModuleSaveSizeV0@$$V0@@
• String ID: StringIO$Unhandled Python exception$__excepthook__$encoding$excepthook$getvalue$stderr$strict$strip
• API String ID: 2896962016-3634559486
• Opcode ID: 19a567b24dda67e0f75ca5cf4663bf59646769faa99cc04d6e5945e455d8b8f6
• Instruction ID: 8d8732c96067c4e563c9d00a6f5f95526d85837c1068a78870f9f83e210b4748
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 19a567b24dda67e0f75ca5cf4663bf59646769faa99cc04d6e5945e455d8b8f6
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 78A12C25B0AA4391EB559B25EC34AB963A0FF86B96F445435DD6E067BCDF3CE408E300

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?simplified@QByteArray@@QEGBA?AV1@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011D8E
                                                                                                                                                                                                                                                                    • ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011D98
                                                                                                                                                                                                                                                                    • ?startsWith@QByteArray@@QEBA_NPEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011DA9
                                                                                                                                                                                                                                                                    • ?mid@QByteArray@@QEBA?AV1@HH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011DCF
                                                                                                                                                                                                                                                                    • ??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011DDC
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011DE6
                                                                                                                                                                                                                                                                    • ?endsWith@QByteArray@@QEBA_ND@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011DF7
                                                                                                                                                                                                                                                                    • ?endsWith@QByteArray@@QEBA_ND@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011E07
                                                                                                                                                                                                                                                                    • ?endsWith@QByteArray@@QEBA_ND@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011E17
                                                                                                                                                                                                                                                                    • ?chop@QByteArray@@QEAAXH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011E27
                                                                                                                                                                                                                                                                    • ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011E3F
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011E49
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011E53
                                                                                                                                                                                                                                                                    • ?indexOf@QByteArray@@QEBAHDH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011E8B
                                                                                                                                                                                                                                                                    • ?endsWith@QByteArray@@QEBA_ND@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011EA2
                                                                                                                                                                                                                                                                    • ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011EAF
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011F07
                                                                                                                                                                                                                                                                    • ?at@QByteArray@@QEBADH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011F36
                                                                                                                                                                                                                                                                    • ?mid@QByteArray@@QEBA?AV1@HH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011F73
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011F89
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011FB2
                                                                                                                                                                                                                                                                    • ?truncate@QByteArray@@QEAAXH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011FD6
                                                                                                                                                                                                                                                                    • ?constData@QByteArray@@QEBAPEBDXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011FEB
                                                                                                                                                                                                                                                                    • ??4QByteArray@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB012006
                                                                                                                                                                                                                                                                    • ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB012024
                                                                                                                                                                                                                                                                    • ?append@QByteArray@@QEAAAEAV1@AEBV1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB012047
                                                                                                                                                                                                                                                                    • ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB012078
                                                                                                                                                                                                                                                                    • ?append@QByteArray@@QEAAAEAV1@AEBV1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB012085
                                                                                                                                                                                                                                                                    • ?endsWith@QByteArray@@QEBA_ND@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB0120B6
                                                                                                                                                                                                                                                                    • ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB0120C6
                                                                                                                                                                                                                                                                    • ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB0120D2
                                                                                                                                                                                                                                                                    • ?replace@QByteArray@@QEAAAEAV1@HHAEBV1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB0120E6
                                                                                                                                                                                                                                                                    • ??0QString@@QEAA@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB0120F3
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB012147
                                                                                                                                                                                                                                                                    • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB012155
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB01215F
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB012169
                                                                                                                                                                                                                                                                    • ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB012190
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB0121D9
                                                                                                                                                                                                                                                                    • ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB0121EC
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB0121F6
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB012257
                                                                                                                                                                                                                                                                    • ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB01226A
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB0122C7
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Array@@Byte$?append@With@$?ends$V1@@$?mid@V0@@$?at@?chop@?const?dispose@?index?replace@?simplified@?starts?truncate@A@$$Data@Data@1@@Data@@ListString@@V0@$$
                                                                                                                                                                                                                                                                    • String ID: const
                                                                                                                                                                                                                                                                    • API String ID: 1628917040-3652449992
                                                                                                                                                                                                                                                                    • Opcode ID: 99ab32c9d34dc47e0deb672b1c60dbe66c3964a6b357cfc99745196c1b47e956
                                                                                                                                                                                                                                                                    • Instruction ID: 7c6072168b295e969a9350cce6b8729fad87fd22f5ff5a5797faf876e4ff73ae
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99ab32c9d34dc47e0deb672b1c60dbe66c3964a6b357cfc99745196c1b47e956
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0BF17132B16A4396EF159F50D8A09BC2361FB96B69B855031CE1E136BCDF3CE949D300

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Dealloc$Data@@List$Clear$?dispose@Data@1@@$Iter_NextOccurredmemcpy$?append@?detach_grow@Data@1@DoubleFlagsFloat_FormatIterObject_Type_
                                                                                                                                                                                                                                                                    • String ID: index %zd has type '%s' but 'float' is expected
                                                                                                                                                                                                                                                                    • API String ID: 3824851262-3213121333
                                                                                                                                                                                                                                                                    • Opcode ID: 466df50fab5b7c376a7d9025d7af2b6e6758ebffc121705c8c43acde55b332ed
                                                                                                                                                                                                                                                                    • Instruction ID: 8bdad0cea6146cfc5a5435dbbb0776d28bb2463756b81f1f3534b4d63132fe90
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 466df50fab5b7c376a7d9025d7af2b6e6758ebffc121705c8c43acde55b332ed
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ACA1A126B0AA4682EB58DF15E860ABD7360BF85B96F454031CE2F037A8CF3DD55AC310

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_$Dealloc$Data@@List$?dispose@ClearData@1@@$Iter_NextOccurredmemcpy$?append@?detach_grow@Data@1@ExceptionFlagsFormatIterMatchesObject_Type_
                                                                                                                                                                                                                                                                    • String ID: index %zd has type '%s' but 'int' is expected
                                                                                                                                                                                                                                                                    • API String ID: 3743776471-1902674334
                                                                                                                                                                                                                                                                    • Opcode ID: 3ab0916e09a2a158e07748fcb0189c12fb60a3c18277cc263f74ae5ae037863b
                                                                                                                                                                                                                                                                    • Instruction ID: 4e5e64f02b338b8269035cc30b9de69ea730bf6a330fb367752524d390e29df9
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ab0916e09a2a158e07748fcb0189c12fb60a3c18277cc263f74ae5ae037863b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A7A16D36B0AA4382EB549F15E8A0A7D7360BF85B96F454031CE6E437A8DF3ED959D300

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?type@QVariant@@QEBA?AW4Type@1@XZ.QT5CORE(?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01F9DF
                                                                                                                                                                                                                                                                    • ?convert@QVariant@@QEAA_NH@Z.QT5CORE(?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01F9F2
                                                                                                                                                                                                                                                                    • ?type@QVariant@@QEBA?AW4Type@1@XZ.QT5CORE(?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01FA04
                                                                                                                                                                                                                                                                    • ?toList@QVariant@@QEBA?AV?$QList@VQVariant@@@@XZ.QT5CORE(?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01FA29
                                                                                                                                                                                                                                                                    • PyList_New.PYTHON3(?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01FA3E
                                                                                                                                                                                                                                                                    • ??0QVariant@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01FA84
                                                                                                                                                                                                                                                                    • ?convert@QVariant@@QEAA_NH@Z.QT5CORE(?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01FA92
                                                                                                                                                                                                                                                                    • ??4QVariant@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01FAA4
                                                                                                                                                                                                                                                                    • ??1QVariant@@QEAA@XZ.QT5CORE(?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01FABF
                                                                                                                                                                                                                                                                    • PyList_SetItem.PYTHON3(?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01FAD7
                                                                                                                                                                                                                                                                    • ??0QVariant@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01FDDA
                                                                                                                                                                                                                                                                    • ??1QVariant@@QEAA@XZ.QT5CORE(?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01FE0E
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011540: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01156D
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011540: PyType_GetFlags.PYTHON3(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01157C
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011540: PyType_GetFlags.PYTHON3(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB0115AD
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011540: PyErr_Format.PYTHON3(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB0115DD
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011540: _Py_Dealloc.PYTHON3(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB0115F2
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011540: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB0115FC
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Variant@@$V0@@$?convert@?type@Array@@ByteFlagsList@List_Type@1@Type_$DeallocErr_FormatItemVariant@@@@
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2864303132-0
                                                                                                                                                                                                                                                                    • Opcode ID: 78d37951829ff24e002e4268e87af40e2f180e6d03c19e08232fc0a434c8ea7c
                                                                                                                                                                                                                                                                    • Instruction ID: c288ff7336defe708d62eb34726136b9e8b3f64bc6e63a5749eab49e9d7bbf82
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 78d37951829ff24e002e4268e87af40e2f180e6d03c19e08232fc0a434c8ea7c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6D19021B0AA4392EB189F2598B49786391FF86BD5F585531DE2E077FCDE3CE446A300

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • index %zd has type '%s' but 'QCommandLineOption' is expected, xrefs: 00007FFDFAEEA6AC
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$Err_$Expression@@RegularV0@@$ClearData@@List$Iter_Next$?append@?detach_grow@?dispose@CommandData@1@Data@1@@FlagsFormatIterLineObject_OccurredOption@@Type_
                                                                                                                                                                                                                                                                    • String ID: index %zd has type '%s' but 'QCommandLineOption' is expected
                                                                                                                                                                                                                                                                    • API String ID: 4131597017-321892665
                                                                                                                                                                                                                                                                    • Opcode ID: 57081b81318a7b8ce746cbf14ffbc26c8d2a703cc619b1787e47702253356d48
                                                                                                                                                                                                                                                                    • Instruction ID: c09a382038f8742d44bb0a465dc97cfa591fae01913e8b3b4492b2404d7b7c3f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 57081b81318a7b8ce746cbf14ffbc26c8d2a703cc619b1787e47702253356d48
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BAB18D32B19A4282DB14AF15E8A457973A0FF86B96F494535DE6F077A8CF3DD849C300

                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$Err_Locale@@$V0@@$ClearData@@List$Iter_Next$?append@?detach_grow@?dispose@Data@1@Data@1@@FlagsFormatIterObject_OccurredType_
                                                                                                                                                                                                                                                                    • String ID: index %zd has type '%s' but 'QLocale' is expected
                                                                                                                                                                                                                                                                    • API String ID: 3119682012-1903385958
                                                                                                                                                                                                                                                                    • Opcode ID: 043443fbffdbd474baee8396bdcf9841863610e795d22a0e76904917b71ba778
                                                                                                                                                                                                                                                                    • Instruction ID: a1c21fd0cd3ebdf94e7709af25eff31c083f7606aab0af14adaa71874850cd4a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 043443fbffdbd474baee8396bdcf9841863610e795d22a0e76904917b71ba778
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8CB18D32B0AA4282DB149F15E864A797361FF86B96F484531DEAF477A8DF3DD44AC300

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ??4QByteArray@@QEAAAEAV0@AEBV0@@Z.QT5CORE(00000000,?,00000000,00007FFDFB0116A5,?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB011702
                                                                                                                                                                                                                                                                    • ?startsWith@QByteArray@@QEBA_NPEBD@Z.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB011712
                                                                                                                                                                                                                                                                    • ?mid@QByteArray@@QEBA?AV1@HH@Z.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01172F
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011D70: ?simplified@QByteArray@@QEGBA?AV1@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011D8E
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011D70: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011D98
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011D70: ?startsWith@QByteArray@@QEBA_NPEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011DA9
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011D70: ?mid@QByteArray@@QEBA?AV1@HH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011DCF
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011D70: ??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011DDC
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011D70: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011DE6
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011D70: ?endsWith@QByteArray@@QEBA_ND@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011DF7
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011D70: ?endsWith@QByteArray@@QEBA_ND@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011E07
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011D70: ?endsWith@QByteArray@@QEBA_ND@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011E17
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011D70: ?chop@QByteArray@@QEAAXH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011E27
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011D70: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011E3F
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011D70: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011E49
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB011D70: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDFB011744,?,?,?), ref: 00007FFDFB011E53
                                                                                                                                                                                                                                                                    • ?constData@QByteArray@@QEBAPEBDXZ.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB011758
                                                                                                                                                                                                                                                                    • ?type@QMetaType@@SAHPEBD@Z.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB011761
                                                                                                                                                                                                                                                                    • ?endsWith@QByteArray@@QEBA_ND@Z.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01177E
                                                                                                                                                                                                                                                                    • ?chop@QByteArray@@QEAAXH@Z.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB011795
                                                                                                                                                                                                                                                                    • ?endsWith@QByteArray@@QEBA_ND@Z.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB0117A2
                                                                                                                                                                                                                                                                    • ?constData@QByteArray@@QEBAPEBDXZ.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB0117BC
                                                                                                                                                                                                                                                                    • ?constData@QByteArray@@QEBAPEBDXZ.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB0117F3
                                                                                                                                                                                                                                                                    • ?constData@QByteArray@@QEBAPEBDXZ.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB011801
                                                                                                                                                                                                                                                                    • memcmp.VCRUNTIME140(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB011810
                                                                                                                                                                                                                                                                    • ?constData@QByteArray@@QEBAPEBDXZ.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01182A
                                                                                                                                                                                                                                                                    • ?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB011865
                                                                                                                                                                                                                                                                    • ?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01188B
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB0118A5
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB0118B0
                                                                                                                                                                                                                                                                    • PyType_IsSubtype.PYTHON3(?,?,?,00007FFDFB01F99C,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB0118EF
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Array@@Byte$With@$?const?endsData@$?chop@?mid@?qstrcmp@@?startsV0@@$?simplified@?type@MetaSubtypeType@@Type_V0@$$memcmp
                                                                                                                                                                                                                                                                    • String ID: PyQt_PyObject$char$const
                                                                                                                                                                                                                                                                    • API String ID: 1833785578-1830622275
                                                                                                                                                                                                                                                                    • Opcode ID: 31749074a6cdef4586681a6069a8d49e6378ceb843544ebfb9ae2ba337138d60
                                                                                                                                                                                                                                                                    • Instruction ID: fc52c159109ab35e19995e337488f500a4641dab7a3c5b25daa7a0316ebd7f9b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 31749074a6cdef4586681a6069a8d49e6378ceb843544ebfb9ae2ba337138d60
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A616F36B0AA0392EB288F14E864A7963A0FB56795F545031DBAD436FCDF3CE849D700

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$Err_$Point$ClearF@@@@Vector@$??1?$Iter_Next$?append@?$Array@@ByteF@@@FlagsFormatIterObject_OccurredType_
                                                                                                                                                                                                                                                                    • String ID: index %zd has type '%s' but 'QPointF' is expected
                                                                                                                                                                                                                                                                    • API String ID: 678668582-80789667
                                                                                                                                                                                                                                                                    • Opcode ID: 52fa642c771a3dd77c5169564e1aeb86dd1fe9d847781041da487bd7a5170100
                                                                                                                                                                                                                                                                    • Instruction ID: 47ef4288c1f4c174e46c2fe98cb01906c5afa7c13fe953ed389429ab5eadf4b5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 52fa642c771a3dd77c5169564e1aeb86dd1fe9d847781041da487bd7a5170100
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92518626B0AA4385EB45AF15E824A796350BF85F96F084070DE6F077F8DF3DD4499300

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DeallocErr_$Clear$Data@@Iter_ListNextOccurred$?append@?detach_grow@Data@1@FlagsFormatIterObject_Type_malloc
                                                                                                                                                                                                                                                                    • String ID: index %zd has type '%s' but 'Qt.DayOfWeek' is expected
                                                                                                                                                                                                                                                                    • API String ID: 3205393565-1341457117
                                                                                                                                                                                                                                                                    • Opcode ID: 3e38f1b7c46ab01ed87556159a1ffb296aa39e59bfe372a285f3a078466b5f86
                                                                                                                                                                                                                                                                    • Instruction ID: c40def86b3b855f845f8e831793a44f8d3b69bbf1a655181467e68fb98ec2565
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e38f1b7c46ab01ed87556159a1ffb296aa39e59bfe372a285f3a078466b5f86
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42B19D36B09A4286EB68DF15E460A7D73A0FB85B95F488131DEAE077A8CF3DE545C700

                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Variant@@$Eval_Thread$?value@RestoreSaveSettings@@String@@V0@$$V0@@V2@@
                                                                                                                                                                                                                                                                    • String ID: BJ1|J1P0$QSettings$value$value(self, key: Optional[str], defaultValue: Any = None, type: type = None) -> Any
                                                                                                                                                                                                                                                                    • API String ID: 2818949305-3690168466
                                                                                                                                                                                                                                                                    • Opcode ID: da501300d8e4c9a1467bd04c03952b57f63f7599f036e90352552f83ccedb228
                                                                                                                                                                                                                                                                    • Instruction ID: a1d1e03f37aa43473312a5f906cbc4fac3e01f53a522b0463caabcab4567b4e3
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da501300d8e4c9a1467bd04c03952b57f63f7599f036e90352552f83ccedb228
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F151F83670AA42D9EB008F65E8A06A973B4FB49B89F400136EE5D43BB8DF38D119D740

                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?contains@Bool_FromLongRect@@$Point@@_V1@_
                                                                                                                                                                                                                                                                    • String ID: BJ9|b$Bii$Biib$QRect$contains$contains(self, point: QPoint, proper: bool = False) -> boolcontains(self, rectangle: QRect, proper: bool = False) -> boolcontains(self, ax: int, ay: int, aproper: bool) -> boolcontains(self, ax: int, ay: int) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 430284462-973158268
                                                                                                                                                                                                                                                                    • Opcode ID: c56008104c3f8ec125ddc326882450a224e063fa47611fb344f9eb07ee4bb9c5
                                                                                                                                                                                                                                                                    • Instruction ID: 7c7b5133bc5993d0b646dddd86875ee413ef780d40103e96fb5080a2a16f8474
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c56008104c3f8ec125ddc326882450a224e063fa47611fb344f9eb07ee4bb9c5
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9371383770AF82D9DB50CF24E89059D73A8FB49788B550236EA9D43BA8DF38D154D700

                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Array@@Byte$?addAbstractState@@Transition@$?constData@Object@@SignalState@@@Transition@@Transition@@@
                                                                                                                                                                                                                                                                    • String ID: BJ:$BP0J8$QState$addTransition$addTransition(self, transition: Optional[QAbstractTransition])addTransition(self, signal: pyqtBoundSignal, target: Optional[QAbstractState]) -> Optional[QSignalTransition]addTransition(self, target: Optional[QAbstractState]) -> Optional[QAbstractTransition]
                                                                                                                                                                                                                                                                    • API String ID: 3062659428-469252757
                                                                                                                                                                                                                                                                    • Opcode ID: 32a7cc42e217c3b32b609878c0801cd3eed21623f860bfef971e34cb463b87b9
                                                                                                                                                                                                                                                                    • Instruction ID: a2d0e8099ec69c3c732a8be79684c0f3e149bc533bad28f70926b683cdd02ec7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 32a7cc42e217c3b32b609878c0801cd3eed21623f860bfef971e34cb463b87b9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A611C36B19E4689EB408F25E8905AD33B4FB49B99B445132EE5E43BBCDF38D588D300

                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Array@@Byte$Encoding@PercentString@@Url@@V2@1@malloc
                                                                                                                                                                                                                                                                    • String ID: J1|J1J1$QUrl$toPercentEncoding$toPercentEncoding(input: Optional[str], exclude: Union[QByteArray, bytes, bytearray] = QByteArray(), include: Union[QByteArray, bytes, bytearray] = QByteArray()) -> QByteArray
                                                                                                                                                                                                                                                                    • API String ID: 2121729091-966487387
                                                                                                                                                                                                                                                                    • Opcode ID: c5a68747f67848e0cab1bf4a98f49456a627eb3f840af55b1467be332b3a7773
                                                                                                                                                                                                                                                                    • Instruction ID: 85d830e9972c5a12e92843b9f510bd1e3edd5000d233ad9f0c7926e7c7fa2f1b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c5a68747f67848e0cab1bf4a98f49456a627eb3f840af55b1467be332b3a7773
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D651E97670AA42C9DB50CF25E8906AD73A4FB49B88F411136EE9E43BA8DF38D158D740

                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: PyQt5.QtCore.QRectF(%R, %R, %R, %R)$PyQt5.QtCore.QRectF()
                                                                                                                                                                                                                                                                    • API String ID: 0-3730076195
                                                                                                                                                                                                                                                                    • Opcode ID: 47ae47fcb89296dccfdb3285d934c01b736f4a484a84df1a604c22a37efb288f
                                                                                                                                                                                                                                                                    • Instruction ID: b9cbe7d169386aafb8ce997917f61d9bb7e53545d078c14a19a5b3e56ae1b785
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 47ae47fcb89296dccfdb3285d934c01b736f4a484a84df1a604c22a37efb288f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4416F26F09F4281EB569F21A524439A3A4BF46BE1F084171CE7E17BACEF3DE4559310
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?wait@Bool_Eval_FromLongThreadThread@@$DeadlineRestoreSaveTimer@@@
                                                                                                                                                                                                                                                                    • String ID: BJ9$B|m$QThread$wait$wait(self, msecs: int = ULONG_MAX) -> boolwait(self, deadline: QDeadlineTimer) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 2826871653-119016777
                                                                                                                                                                                                                                                                    • Opcode ID: 9a6392edb69c490349badaed5f4cc0f503163a8d2a4a5e6def22d6e630b6dc1c
                                                                                                                                                                                                                                                                    • Instruction ID: 1de641476c1069cb560877b79c7b7ad94f4548e9f385c552f5ea065f9fb2ecf4
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a6392edb69c490349badaed5f4cc0f503163a8d2a4a5e6def22d6e630b6dc1c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6413832B09F86C5DB608B15F494BA973A4FB89791F454236DAAD037A8DF3CD588D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Array@@Byte$?const?receivers@Data@FromLongLong_Object@@
                                                                                                                                                                                                                                                                    • String ID: BP0$QSettings$pyqt5_get_signal_signature$receivers$receivers(self, signal: PYQT_SIGNAL) -> int
                                                                                                                                                                                                                                                                    • API String ID: 4260653144-1824949139
                                                                                                                                                                                                                                                                    • Opcode ID: f5c9328a0e94496a4034ab1558dcb678e71527aea9f92601b023e93c956ef068
                                                                                                                                                                                                                                                                    • Instruction ID: 05b3654c2f81de6bc334be29047240eb5b4fc58ec3b6e239356a772312f990c1
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5c9328a0e94496a4034ab1558dcb678e71527aea9f92601b023e93c956ef068
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17310C32B09A47C2EB009B24E8A49B933A5FB85B85F550136DA6E437B8DF3DD949D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?setMapping@QSignalMapper@@QEAAXPEAVQObject@@H@Z.QT5CORE ref: 00007FFDFAED1C0B
                                                                                                                                                                                                                                                                    • ?setMapping@QSignalMapper@@QEAAXPEAVQObject@@AEBVQString@@@Z.QT5CORE ref: 00007FFDFAED1CB1
                                                                                                                                                                                                                                                                    • ?setMapping@QSignalMapper@@QEAAXPEAVQObject@@PEAVQWidget@@@Z.QT5CORE ref: 00007FFDFAED1D46
                                                                                                                                                                                                                                                                    • ?setMapping@QSignalMapper@@QEAAXPEAVQObject@@0@Z.QT5CORE ref: 00007FFDFAED1DB8
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setMapper@@Mapping@Signal$Object@@$Object@@0@String@@@Widget@@@
                                                                                                                                                                                                                                                                    • String ID: BJ8J1$BJ8J8$BJ8i$QSignalMapper$setMapping$setMapping(self, sender: Optional[QObject], id: int)setMapping(self, sender: Optional[QObject], text: Optional[str])setMapping(self, sender: Optional[QObject], widget: Optional[QWidget])setMapping(self, sender: Optional[QObject], object: Optional[QObject])
                                                                                                                                                                                                                                                                    • API String ID: 4146508027-390956228
                                                                                                                                                                                                                                                                    • Opcode ID: 460377d547a959e5e3040ae997e8845ffb561d16d8a32de4770b81f35f3f7bd8
                                                                                                                                                                                                                                                                    • Instruction ID: b178dc2ecc781b6fb13ff23b2ad13b0ff0f8ac534704f5c3e060f79ce7fef332
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 460377d547a959e5e3040ae997e8845ffb561d16d8a32de4770b81f35f3f7bd8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5171E436B09F4689EB508F61E8906AD33B4FB49B88F450136EE9D43BA8DF38D158D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?mapping@QSignalMapper@@QEBAPEAVQObject@@H@Z.QT5CORE ref: 00007FFDFAED24A2
                                                                                                                                                                                                                                                                    • ?mapping@QSignalMapper@@QEBAPEAVQObject@@AEBVQString@@@Z.QT5CORE ref: 00007FFDFAED2532
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?mapping@Mapper@@Object@@Signal$String@@@
                                                                                                                                                                                                                                                                    • String ID: BJ1$BJ8$QSignalMapper$mapping$mapping(self, id: int) -> Optional[QObject]mapping(self, text: Optional[str]) -> Optional[QObject]mapping(self, widget: Optional[QWidget]) -> Optional[QObject]mapping(self, object: Optional[QObject]) -> Optional[QObject]
                                                                                                                                                                                                                                                                    • API String ID: 600360435-2615264203
                                                                                                                                                                                                                                                                    • Opcode ID: 9c7cbf00bc1fe349ecfafbbababc3ff9e031942361720e852b8a2ebb97b513bb
                                                                                                                                                                                                                                                                    • Instruction ID: 672682a055ef32656c55217a7fc4ff72c4503ec04b4a01c76c612abfaa83581d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c7cbf00bc1fe349ecfafbbababc3ff9e031942361720e852b8a2ebb97b513bb
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A071F936B09F4685EB508F25E8906A933A4FB88B98F455136EE9D43BB8DF3CD158D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: List_$Size$?removeAbstractAnimation@Animation@@@DefaultItemMachine@@SliceState
                                                                                                                                                                                                                                                                    • String ID: B@J8$QStateMachine$removeDefaultAnimation$removeDefaultAnimation(self, animation: Optional[QAbstractAnimation])
                                                                                                                                                                                                                                                                    • API String ID: 2428026643-2456283626
                                                                                                                                                                                                                                                                    • Opcode ID: a7358daa0422d315e3cba0bf1002c94f7b0e878261502f89cc7d294149b8ffae
                                                                                                                                                                                                                                                                    • Instruction ID: 6382149ad63277d42b8989488769b42f24761e62e792c252cacc36285274b940
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a7358daa0422d315e3cba0bf1002c94f7b0e878261502f89cc7d294149b8ffae
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40315E36B0AF8681DB108F11E89496973A5FB49B81F554132CD6E03BB8DF3DD449D300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?typeName@QVariant@@QEBAPEBDXZ.QT5CORE(?,?,?,00007FFDFB00F0E2), ref: 00007FFDFB01236E
                                                                                                                                                                                                                                                                    • ?qstrcmp@@YAHPEBD0@Z.QT5CORE(?,?,?,00007FFDFB00F0E2), ref: 00007FFDFB012381
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?qstrcmp@@?typeName@Variant@@
                                                                                                                                                                                                                                                                    • String ID: std::nullptr_t
                                                                                                                                                                                                                                                                    • API String ID: 660291479-3224902819
                                                                                                                                                                                                                                                                    • Opcode ID: 063360ae090438d08f8212e8e10dc80bdc4eb44903011e1068cfdd26032c00e1
                                                                                                                                                                                                                                                                    • Instruction ID: b1d5c2c7751f32914d8af257e4857d49238b41db0520e29f082d708256dbc49c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 063360ae090438d08f8212e8e10dc80bdc4eb44903011e1068cfdd26032c00e1
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A7315D26B0AB4382EB08AF25E9646697360FB46F95F045031DE6E477BCDF3CD495A340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Text$?setCodec@Stream@@$Codec@@@Dealloc
                                                                                                                                                                                                                                                                    • String ID: B@J8$BAA$QTextStream$setCodec$setCodec(self, codec: Optional[QTextCodec])setCodec(self, codecName: Optional[str])
                                                                                                                                                                                                                                                                    • API String ID: 2919733340-454816448
                                                                                                                                                                                                                                                                    • Opcode ID: 50bdf26e5fe05ee16f6d6da7956f0d2fac94a294052d0bff5c6485f45a6e47f9
                                                                                                                                                                                                                                                                    • Instruction ID: eaa09136efa6e0fdf0156aed1969d755f018b89f8c5c1d22c8d71eef8e8443dc
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 50bdf26e5fe05ee16f6d6da7956f0d2fac94a294052d0bff5c6485f45a6e47f9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF412536B09F86C1DB508F14E8A46A973A4FB89B91F414132DEAD437B8DF38D549D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Thread$Eval_$?tryBool_FromLongPool@@RestoreRunnable@@@SaveTake@
                                                                                                                                                                                                                                                                    • String ID: B@J8$QThreadPool$tryTake$tryTake(self, runnable: Optional[QRunnable]) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 3437263228-3187251798
                                                                                                                                                                                                                                                                    • Opcode ID: 9c415c97d3a9113e5e10902853c9c3d4e5b50ee40a32029fc3313e7974971fdb
                                                                                                                                                                                                                                                                    • Instruction ID: 2319be02a8bff2c63e476d0c20f9f1788785ad5308b302177a7ffa1f2c378f7c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c415c97d3a9113e5e10902853c9c3d4e5b50ee40a32029fc3313e7974971fdb
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E211536B09F46C1DB009F11E894AA933A5FB88B80F950136DAAD437B8DF3DD559D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Thread$Eval_$?waitBool_Done@FromLongPool@@RestoreSave
                                                                                                                                                                                                                                                                    • String ID: B|i$QThreadPool$waitForDone$waitForDone(self, msecs: int = -1) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 1107703023-4152412479
                                                                                                                                                                                                                                                                    • Opcode ID: 42664793509acd84f411a0113f1c1da914b860044aaa2078fe0e9f70bcbd376e
                                                                                                                                                                                                                                                                    • Instruction ID: 3498aba692b5e88d40c7a68d61e3b8a87829715c038e59d7d9893dd39ab4a8ff
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 42664793509acd84f411a0113f1c1da914b860044aaa2078fe0e9f70bcbd376e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50214536B09F46C2DB009F10E8988A933A8FB49790F950236DAAD437B8DF3DD959D700
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setQuery@Url@@$Mode@1@@ParsingQuery@@@String@@
                                                                                                                                                                                                                                                                    • String ID: BJ1|E$BJ9$QUrl$setQuery$setQuery(self, query: Optional[str], mode: QUrl.ParsingMode = QUrl.TolerantMode)setQuery(self, query: QUrlQuery)
                                                                                                                                                                                                                                                                    • API String ID: 1162291048-1321832202
                                                                                                                                                                                                                                                                    • Opcode ID: 8f48b183cec9c8dad6317b850d9c495254334d61d2c4193055cb5f7ccb6018ca
                                                                                                                                                                                                                                                                    • Instruction ID: 25e63ee71b00096438c90769f9d796f20c68216117f4bcce8adf282f75bef70a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f48b183cec9c8dad6317b850d9c495254334d61d2c4193055cb5f7ccb6018ca
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6411236709F82C5DB608B15E894AA973A8FB88B80F514136DEAD43BB8DF39D944C700
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$?setRestoreSaveSettings@@String@@Value@Variant@@@
                                                                                                                                                                                                                                                                    • String ID: BJ1J1$QSettings$setValue$setValue(self, key: Optional[str], value: Any)
                                                                                                                                                                                                                                                                    • API String ID: 1500147538-3203008001
                                                                                                                                                                                                                                                                    • Opcode ID: 51258d1495e568f2b603065fee1c1b55b4570205fba581086f9be1f541aca888
                                                                                                                                                                                                                                                                    • Instruction ID: d88887a6bb2861b9a02cd19dcd62cbdfc826d076e426f175d132c13e03df9154
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 51258d1495e568f2b603065fee1c1b55b4570205fba581086f9be1f541aca888
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF31E33AB09F46C5DB408B15E8947A933A4FB49B81F414136CEAE437B8DF39D549D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLong$?event@Animation@@Event@@@Variant
                                                                                                                                                                                                                                                                    • String ID: BJ8$QPauseAnimation$event$event(self, e: Optional[QEvent]) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 2082249343-1899240035
                                                                                                                                                                                                                                                                    • Opcode ID: 0050de684b012aff2e452a0408538a45fa5b25a4838fb6d897e0b7668dc7ec20
                                                                                                                                                                                                                                                                    • Instruction ID: cfb365ed468ea7a58a10318817ed592b535e6e6deb7ceea26b6794303b46fd15
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0050de684b012aff2e452a0408538a45fa5b25a4838fb6d897e0b7668dc7ec20
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC212C32B0AB46C2EB408B25E4A466A77A5FB85B85F540132DA9D03BBCDF3CD158DB40
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLong$?event@AnimationEvent@@@Group@@Parallel
                                                                                                                                                                                                                                                                    • String ID: BJ8$QParallelAnimationGroup$event$event(self, event: Optional[QEvent]) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 1949902271-1835578713
                                                                                                                                                                                                                                                                    • Opcode ID: d7609c894c63d48c6d5900a390248e553ad8a1a050013cc2344def42d66676e0
                                                                                                                                                                                                                                                                    • Instruction ID: 911880142413821c1dbba35790d56b12146141b90c8ff40da23805f3f1dc2f0f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7609c894c63d48c6d5900a390248e553ad8a1a050013cc2344def42d66676e0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D212E32B4AB46D2EB409B25E4A466A73A4FB85B85F440132DA9D03BBCDF3CD558D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444626694.00007FFDFB10B000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLong$?event@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QState$event$event(self, e: Optional[QEvent]) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 822511424-325876635
                                                                                                                                                                                                                                                                    • Opcode ID: b853ca54c50ac8be8a54ff1e3648b27333f4c7e77643dfba85c103f915454218
                                                                                                                                                                                                                                                                    • Instruction ID: fc21cbedab77768f1e421202f86f059e302e94c17f40d47b84e8a69d0a17e963
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b853ca54c50ac8be8a54ff1e3648b27333f4c7e77643dfba85c103f915454218
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB212C72B0AB46D2EB409B15E4A466A73A4FB85B85F440132DA9D03BBCDF3CE558DB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLong$?event@Event@@@Machine@@State
                                                                                                                                                                                                                                                                    • String ID: BJ8$QStateMachine$event$event(self, e: Optional[QEvent]) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 1600778447-236926819
                                                                                                                                                                                                                                                                    • Opcode ID: 2073d9d53067d11a57a8db5a15424ab3d1d7f9c81d65b21eed497d1b336744fc
                                                                                                                                                                                                                                                                    • Instruction ID: 3895a6fd0dd1043081ca11bfa3d1a616b9a861c18e8862406bc017836738ecfe
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2073d9d53067d11a57a8db5a15424ab3d1d7f9c81d65b21eed497d1b336744fc
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C212E32B0AB46D2EB408B25E85467977A4FB85B85F440136DA9E03BBCDF3CD159D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLong$?event@Event@@@Thread@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QThread$event$event(self, event: Optional[QEvent]) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 275554757-4038655122
                                                                                                                                                                                                                                                                    • Opcode ID: c238b3adbb25a394658f1e8c8a1cb0a2a2bee83da09dba4b041f2cd676e52d14
                                                                                                                                                                                                                                                                    • Instruction ID: f6ec742ff3027a517dba02af92ac9ed8bc5446bb734cd513c957572941ac0492
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c238b3adbb25a394658f1e8c8a1cb0a2a2bee83da09dba4b041f2cd676e52d14
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B4214B32B0AB46C2EB509B15E4A06AA73A4FB85B85F440132DE9E03BB8DF3CD558D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: List_$?addAbstractAnimation@Animation@@@AppendDefaultMachine@@State
                                                                                                                                                                                                                                                                    • String ID: B@J8$QStateMachine$addDefaultAnimation$addDefaultAnimation(self, animation: Optional[QAbstractAnimation])
                                                                                                                                                                                                                                                                    • API String ID: 2982876718-3846580997
                                                                                                                                                                                                                                                                    • Opcode ID: 2319c0bbc2b0e5c14839a074e06c73097878da6c9dd1ebb54679b05e232ef4e6
                                                                                                                                                                                                                                                                    • Instruction ID: 85faaa5c3fdc13238c747a745e45f883b0f6ad3d3e57513157f1e63aa8a3920d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2319c0bbc2b0e5c14839a074e06c73097878da6c9dd1ebb54679b05e232ef4e6
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6631F436B0AF46C1DF508B15E8A86A933A4FB89B85F454136CAAE437B8DE3DD409D340
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$?sender@Object@@RestoreSave
                                                                                                                                                                                                                                                                    • String ID: QSettings$qtcore_qobject_sender$sender$sender(self) -> Optional[QObject]
                                                                                                                                                                                                                                                                    • API String ID: 10903585-1923977017
                                                                                                                                                                                                                                                                    • Opcode ID: 02d78c1073b1825bceceb936d98993a3a6793b5d03483cba13449456f217b677
                                                                                                                                                                                                                                                                    • Instruction ID: a9bfa34ebd9a0f12d92052c136cfdd157f23c4fac48b5bf94f046818b77952a6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 02d78c1073b1825bceceb936d98993a3a6793b5d03483cba13449456f217b677
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 77212D36B0AB4781DB409B15E8A4A6933A4FB89BD4F550031CEAE03BB8DF3DD549D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$?sender@Object@@RestoreSave
                                                                                                                                                                                                                                                                    • String ID: QPauseAnimation$qtcore_qobject_sender$sender$sender(self) -> Optional[QObject]
                                                                                                                                                                                                                                                                    • API String ID: 10903585-2287974321
                                                                                                                                                                                                                                                                    • Opcode ID: 34be463e7fda450860b6cff9639995aadae2ac81123449be42b33557ffdb89d2
                                                                                                                                                                                                                                                                    • Instruction ID: fa457cb7e14df21b9fd896b77d3baca2494c3cc19aa0fa6a6fd73f6a273285bd
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 34be463e7fda450860b6cff9639995aadae2ac81123449be42b33557ffdb89d2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D214B26B0AE4780EB408B11E868AA973A0FB89BD4F540031DAAD03BB8DF3CD549D300
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$?sender@Object@@RestoreSave
                                                                                                                                                                                                                                                                    • String ID: QThread$qtcore_qobject_sender$sender$sender(self) -> Optional[QObject]
                                                                                                                                                                                                                                                                    • API String ID: 10903585-518380420
                                                                                                                                                                                                                                                                    • Opcode ID: 002edc761ca755f706727e216780d0f7d6716899079693f5f1a6af103702e402
                                                                                                                                                                                                                                                                    • Instruction ID: c689c9c1422f2b8132a1671e270b6e514f9e7d373eb7572b771b051b4ec36957
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 002edc761ca755f706727e216780d0f7d6716899079693f5f1a6af103702e402
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43214B26B0AB4780DB409F11E868AA933A0FB89BC4F544031CEAD43BB8DF3DD549D300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$?sender@Object@@RestoreSave
                                                                                                                                                                                                                                                                    • String ID: QParallelAnimationGroup$qtcore_qobject_sender$sender$sender(self) -> Optional[QObject]
                                                                                                                                                                                                                                                                    • API String ID: 10903585-1082883908
                                                                                                                                                                                                                                                                    • Opcode ID: a0268efa25c941b10a2fbd23a3d653f573a225393c2da1c0ab0c2ec647d5dff2
                                                                                                                                                                                                                                                                    • Instruction ID: 1f644dab0df0f79ee33bfe87ed867f15914ca44e3b31ea4b49d2fc9c8044332d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0268efa25c941b10a2fbd23a3d653f573a225393c2da1c0ab0c2ec647d5dff2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34212D26B0AB4780DB409F15E8A8A6933A4FB89B94F544031CAAE43BB8DF3DD545D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$?sender@Object@@RestoreSave
                                                                                                                                                                                                                                                                    • String ID: QState$qtcore_qobject_sender$sender$sender(self) -> Optional[QObject]
                                                                                                                                                                                                                                                                    • API String ID: 10903585-4199275932
                                                                                                                                                                                                                                                                    • Opcode ID: c9591aff223ef66658addebb484283180abcf1550220048600b03df2a7213886
                                                                                                                                                                                                                                                                    • Instruction ID: 1ea17052b40ae7d2db35987584e99eee164b579f1d927f6993ece1af613ae6b2
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c9591aff223ef66658addebb484283180abcf1550220048600b03df2a7213886
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D212B36B0AB4780EB409F15E8A8AA933A4FB89B95F550031CE6D43BB8DE3DD549D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$?remove@RestoreSaveSettings@@String@@@
                                                                                                                                                                                                                                                                    • String ID: BJ1$QSettings$remove$remove(self, key: Optional[str])
                                                                                                                                                                                                                                                                    • API String ID: 1384682198-625152439
                                                                                                                                                                                                                                                                    • Opcode ID: 8a7f166b75cce9e4df36e3544507a71867f7640f6412dad030b8c21405c1ae09
                                                                                                                                                                                                                                                                    • Instruction ID: 2d123a22c655e5d440143ce2fb0daa613f01e428b4f1d00a4d61276c20da9ba9
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a7f166b75cce9e4df36e3544507a71867f7640f6412dad030b8c21405c1ae09
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 10210636B09F46C1DB408F11E894AA933A4FB89B81F454136CEAE43778DF39D549D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$?exec@FromLongLong_RestoreSaveThread@@
                                                                                                                                                                                                                                                                    • String ID: QThread$exec_$exec_(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 349948737-1681124029
                                                                                                                                                                                                                                                                    • Opcode ID: 6010e95a424ae24f3300a9daa8f6ac50ab4bec20ac430bdd10f97ff78b060640
                                                                                                                                                                                                                                                                    • Instruction ID: 61731caf1dcc159960527af636dcee0f579dfc2437fc23312c4f24d31c0f030a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6010e95a424ae24f3300a9daa8f6ac50ab4bec20ac430bdd10f97ff78b060640
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02111626B09B4781DB009F10E8A8AA933A4FB89B85F950032CE6E037B8CF7DD549D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Thread$Eval_$?activeCount@FromLongLong_Pool@@RestoreSave
                                                                                                                                                                                                                                                                    • String ID: QThreadPool$activeThreadCount$activeThreadCount(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 2091340278-2843808429
                                                                                                                                                                                                                                                                    • Opcode ID: f7f55542674fe485fd01bb145c1d0ad9d0ebea9096d8840e83789b7f7d20df34
                                                                                                                                                                                                                                                                    • Instruction ID: c73f1dd659c4be11e298f780c089bb463b0597610122e4a73ce8a712a9b0a604
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f7f55542674fe485fd01bb145c1d0ad9d0ebea9096d8840e83789b7f7d20df34
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B110725B09B4781DB009B51E898AA933A4FB49B85F540032DE6E037B8DE7DD559D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$?exec@FromLongLong_RestoreSaveThread@@
                                                                                                                                                                                                                                                                    • String ID: QThread$exec$exec(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 349948737-793218595
                                                                                                                                                                                                                                                                    • Opcode ID: 753f10e0967cc65bf346c3957ea999c0e8659930c2d5496891267131e01b34d2
                                                                                                                                                                                                                                                                    • Instruction ID: 20c551d98b1d9fb7b5aa2bc809c64a68c66254fe8942102473f1d151f61ff715
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 753f10e0967cc65bf346c3957ea999c0e8659930c2d5496891267131e01b34d2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE111626B09B47C1DB009F50E898AA933A4FB89B85F940032CE6E037B8CF7DD549D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Base@@$DataV0@@$?createDict_NextNode@String@@0@Variant@@$?recalcArray@@ByteData@LeftMostNodeU2@_
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3958160694-0
                                                                                                                                                                                                                                                                    • Opcode ID: 70b650c7d53318ed30b486318616c760c63ec9a323e4123c5a5a51b1a4004d77
                                                                                                                                                                                                                                                                    • Instruction ID: 36cbd5974ae4a435174182def8174d9d6e27c6d061cf7294ad2562ac9f05067d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 70b650c7d53318ed30b486318616c760c63ec9a323e4123c5a5a51b1a4004d77
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB515D2670AA4295EB208F15E464BAA6360FB8AB89F444031DE9E07BB8DF3DD549D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Array@@Byte$V0@@$Data@@List$?append@?detach_grow@?dispose@Data@1@Data@1@@
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3083179296-0
                                                                                                                                                                                                                                                                    • Opcode ID: b15846860c42728bb0949dcce90bd4bea6e92e0cd8e56a1ec0c6beb2d24e6d33
                                                                                                                                                                                                                                                                    • Instruction ID: d771cffb1619b79fd034f145363fcc9fbd91e676494198485da01e9ca5029931
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b15846860c42728bb0949dcce90bd4bea6e92e0cd8e56a1ec0c6beb2d24e6d33
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F841AF72B45A42C6CB20CF05E8906ADB365FB85FE5B494222DE5E477A8DF7CD149C700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ??0QRectF@@QEAA@AEBVQPointF@@AEBVQSizeF@@@Z.QT5CORE ref: 00007FFDFAED6DFE
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: F@@@PointRectSizemalloc
                                                                                                                                                                                                                                                                    • String ID: J1J1$J1J9$dddd
                                                                                                                                                                                                                                                                    • API String ID: 3440463698-2828808006
                                                                                                                                                                                                                                                                    • Opcode ID: 6bf79a340615c75e6e00bb6bb0cda3b2d62b4fd78067d13e3fd056553d44affd
                                                                                                                                                                                                                                                                    • Instruction ID: ad88f8d64de105d3bc4e85f8cdebddb20c1a2609ce991440d3cde1f593008ef9
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6bf79a340615c75e6e00bb6bb0cda3b2d62b4fd78067d13e3fd056553d44affd
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 61913832B19F4285EB508F61E8906AE77B4FB89B84F044136EE9E53BA8DF38D154D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?fromUserInput@QUrl@@SA?AV1@AEBVQString@@@Z.QT5CORE ref: 00007FFDFAEE80A3
                                                                                                                                                                                                                                                                    • ?fromUserInput@QUrl@@SA?AV1@AEBVQString@@0V?$QFlags@W4UserInputResolutionOption@QUrl@@@@@Z.QT5CORE ref: 00007FFDFAEE819E
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    • fromUserInput, xrefs: 00007FFDFAEE8203
                                                                                                                                                                                                                                                                    • QUrl, xrefs: 00007FFDFAEE820A
                                                                                                                                                                                                                                                                    • fromUserInput(userInput: Optional[str]) -> QUrlfromUserInput(userInput: Optional[str], workingDirectory: Optional[str], options: Union[QUrl.UserInputResolutionOptions, QUrl.UserInputResolutionOption] = QUrl.DefaultResolution) -> QUrl, xrefs: 00007FFDFAEE81F8
                                                                                                                                                                                                                                                                    • J1J1|J1, xrefs: 00007FFDFAEE815D
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: User$?fromInput@Url@@$Flags@InputOption@ResolutionString@@0String@@@Url@@@@@malloc
                                                                                                                                                                                                                                                                    • String ID: J1J1|J1$QUrl$fromUserInput$fromUserInput(userInput: Optional[str]) -> QUrlfromUserInput(userInput: Optional[str], workingDirectory: Optional[str], options: Union[QUrl.UserInputResolutionOptions, QUrl.UserInputResolutionOption] = QUrl.DefaultResolution) -> QUrl
                                                                                                                                                                                                                                                                    • API String ID: 3338128320-1250832000
                                                                                                                                                                                                                                                                    • Opcode ID: 346685f96b4d23ab335cae162664beb55038d481ff9af38b1e52c5db6e87d8ed
                                                                                                                                                                                                                                                                    • Instruction ID: 372dc3b36b1f82ec3f94d4fb706aef57e5d1306ca39824e6565fbc29f35f02f5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 346685f96b4d23ab335cae162664beb55038d481ff9af38b1e52c5db6e87d8ed
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0351F83670AB52C9DB508F25E890A9973A4FB89B88F511136EE9E43BA8DF38D154D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?movePoint@@@Rect@@
                                                                                                                                                                                                                                                                    • String ID: BJ9$Bii$QRect$moveTo$moveTo(self, ax: int, ay: int)moveTo(self, p: QPoint)
                                                                                                                                                                                                                                                                    • API String ID: 3912575327-224731838
                                                                                                                                                                                                                                                                    • Opcode ID: 225745ad98d2288bbae363526bb3db982b8175dfeb2381aed6e16711e8623b48
                                                                                                                                                                                                                                                                    • Instruction ID: 0b7cfce63b80bf26d0798b6a0c9a3aa31fb937582527d2ee52cd10945af18fa4
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 225745ad98d2288bbae363526bb3db982b8175dfeb2381aed6e16711e8623b48
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E5315772B09B46C2DB40CF18E8945A973A4FB48B80F514236DAAD43778DF3DD995CB40
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?translate@Point@@@Rect@@
                                                                                                                                                                                                                                                                    • String ID: BJ9$Bii$QRect$translate$translate(self, dx: int, dy: int)translate(self, p: QPoint)
                                                                                                                                                                                                                                                                    • API String ID: 1205552514-3907456278
                                                                                                                                                                                                                                                                    • Opcode ID: 23ec6a6c55cf78e6672d3d679fd5a1a1e11de4adff75d12dd3f3e1a536de5257
                                                                                                                                                                                                                                                                    • Instruction ID: 42e5d1ed396688d5bec00010472feeb0b1f4863aa33055da7eaa40973f4e398f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 23ec6a6c55cf78e6672d3d679fd5a1a1e11de4adff75d12dd3f3e1a536de5257
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8313732B09F46C2DB40CB15E8949A933A4FB88B94F544132DAAD43778DF3DD946DB40
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444608320.00007FFDFB108000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444626694.00007FFDFB10B000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$?run@RestoreSaveThread@@
                                                                                                                                                                                                                                                                    • String ID: QThread$run$run(self)
                                                                                                                                                                                                                                                                    • API String ID: 2167330770-4075155227
                                                                                                                                                                                                                                                                    • Opcode ID: 8ddbf6e232341b89f8be49dd99089454e181f6956e3a8e92f8c16a6183fa6fa8
                                                                                                                                                                                                                                                                    • Instruction ID: 3c1167629d8f952fc6788e312e806e0a00fdbd3ed376642358e52cd2f81f5ceb
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8ddbf6e232341b89f8be49dd99089454e181f6956e3a8e92f8c16a6183fa6fa8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A216926B09E4781EB009F15F860AA963A0FF85B94F544432CEAE07BB8DF7DD448E700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FromLongLong_$?duration@AnimationGroup@@Parallel
                                                                                                                                                                                                                                                                    • String ID: QParallelAnimationGroup$duration$duration(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 2114590456-42393488
                                                                                                                                                                                                                                                                    • Opcode ID: d1f720af9689307feb02a2d603f5a4d62f0ea92a7c6e41d9208acbc5a957751a
                                                                                                                                                                                                                                                                    • Instruction ID: bc07c0cbb8899fd4c532947ab29fee1a6ad6f7404240eb10cbe46f6b8be28122
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d1f720af9689307feb02a2d603f5a4d62f0ea92a7c6e41d9208acbc5a957751a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B213066B09B47C1EB409B64E864A69B3A0FF85B95F480131DE9E43BB8DF3CD558D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$?childKeys@List@@RestoreSaveSettings@@Stringmalloc
                                                                                                                                                                                                                                                                    • String ID: QSettings$childKeys$childKeys(self) -> List[str]
                                                                                                                                                                                                                                                                    • API String ID: 1282528583-507579873
                                                                                                                                                                                                                                                                    • Opcode ID: 353e0a2a6e3c63f433f7b68d1d4bedd936ea5c97251f3bdc7b4b802c56c1c3c4
                                                                                                                                                                                                                                                                    • Instruction ID: 356e51bc9bab3002c87e70461124c2df93ea09e69c4a4e32421a504a348bc102
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 353e0a2a6e3c63f433f7b68d1d4bedd936ea5c97251f3bdc7b4b802c56c1c3c4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51213B26B09F4781DB009B15E868AA923A4FB4ABC5F950032DE6E037B8CF3DD509D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$?allKeys@List@@RestoreSaveSettings@@Stringmalloc
                                                                                                                                                                                                                                                                    • String ID: QSettings$allKeys$allKeys(self) -> List[str]
                                                                                                                                                                                                                                                                    • API String ID: 4024329053-3406561710
                                                                                                                                                                                                                                                                    • Opcode ID: 2ee6c2000bf8be59e268946191b39accb2f8b8631a355c35aca972355d6c59c7
                                                                                                                                                                                                                                                                    • Instruction ID: d9b451f24068f5fbe1c2b035e8d5a1fb88f1c5e12ae11879f8ee96088ce74278
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ee6c2000bf8be59e268946191b39accb2f8b8631a355c35aca972355d6c59c7
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 75213826B1AB4781DB009B15E868AA933A4FB89BC5F850032DE6E037B8CE3DD549D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$?childGroups@List@@RestoreSaveSettings@@Stringmalloc
                                                                                                                                                                                                                                                                    • String ID: QSettings$childGroups$childGroups(self) -> List[str]
                                                                                                                                                                                                                                                                    • API String ID: 1654325679-1735480775
                                                                                                                                                                                                                                                                    • Opcode ID: 4994c7a4472ce67f98f5bb9ddf499d53fd01ad6ca816052b88be7c317e28e2c8
                                                                                                                                                                                                                                                                    • Instruction ID: 81affb2f2b1e95584963efd4b24b96ee1fe11c552736d9cc08269ecfdd7b636b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4994c7a4472ce67f98f5bb9ddf499d53fd01ad6ca816052b88be7c317e28e2c8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F9213826B09B4781DB009B11E868AA963A4FB8ABC5F950032DE6E037B8CE3DD549D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?attach@AccessBool_FromLongMemory@@Mode@1@@Shared
                                                                                                                                                                                                                                                                    • String ID: B|E$QSharedMemory$attach$attach(self, mode: QSharedMemory.AccessMode = QSharedMemory.ReadWrite) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 1775711723-2530152233
                                                                                                                                                                                                                                                                    • Opcode ID: 612d410922b9e28ec63c6f68d3e7c3f55f3f95e2cdb6d9cd2592bf8866cc9a4f
                                                                                                                                                                                                                                                                    • Instruction ID: 16c42eb533ff65cb85c6bed83b7295112441651d64d7e74d1709f00b58ed228b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 612d410922b9e28ec63c6f68d3e7c3f55f3f95e2cdb6d9cd2592bf8866cc9a4f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25111736B0AB56D1DB00DF10E8989AC33A8FB48781F910136DAAD437B4DF39D599D340
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Thread$Eval_$?setCount@Pool@@RestoreSave
                                                                                                                                                                                                                                                                    • String ID: QThreadPool$setMaxThreadCount$setMaxThreadCount(self, maxThreadCount: int)
                                                                                                                                                                                                                                                                    • API String ID: 2689909943-179946481
                                                                                                                                                                                                                                                                    • Opcode ID: 8c24f1dbe9d8775b6b95d032288c98b1e59c0d2d5e38d3ee526a43527a94bf4e
                                                                                                                                                                                                                                                                    • Instruction ID: dd8b03e81d7af7f1d522f667bbacae257fc1284d9739cf9ccceb182d91b6e145
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c24f1dbe9d8775b6b95d032288c98b1e59c0d2d5e38d3ee526a43527a94bf4e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B7110336B09E47C1DB009B11E8A8AA933A5FB49B85F540132CA6E03778DF7DD55AD740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?port@FromLongLong_Url@@
                                                                                                                                                                                                                                                                    • String ID: B|i$QUrl$port$port(self, defaultPort: int = -1) -> int
                                                                                                                                                                                                                                                                    • API String ID: 698974208-330255048
                                                                                                                                                                                                                                                                    • Opcode ID: 885b996969eae35574fef83fe16dfbc3ac3999b052fd8ab0dd94db4c74e92f5c
                                                                                                                                                                                                                                                                    • Instruction ID: b7a9218584f660df6ca3a24a7e4e6ed5a8856698b893557a8eb173e3dcdb1f1d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 885b996969eae35574fef83fe16dfbc3ac3999b052fd8ab0dd94db4c74e92f5c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D110736B19F06C2DB109F50E8988AC33A8FB48750B914236CAAD437B4DF39D959D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?postDelayedEvent@Event@@FromLongLong_Machine@@State
                                                                                                                                                                                                                                                                    • String ID: BJ:i$QStateMachine$postDelayedEvent$postDelayedEvent(self, event: Optional[QEvent], delay: int) -> int
                                                                                                                                                                                                                                                                    • API String ID: 4154015513-571034518
                                                                                                                                                                                                                                                                    • Opcode ID: beae61ba05f4017bce98284cbabe8eb27b795d38e60c88e3f7d30600ff97c5ba
                                                                                                                                                                                                                                                                    • Instruction ID: fafe12d84215d349019a8dea04efdeae641e7f2b08ad7aff932d585778b68cb5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: beae61ba05f4017bce98284cbabe8eb27b795d38e60c88e3f7d30600ff97c5ba
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50111336B1AF46C1DB108F11E898AAD33A4FB49B85F814136CAAD437B8DF39D949D300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$?clear@RestoreSaveSettings@@
                                                                                                                                                                                                                                                                    • String ID: QSettings$clear$clear(self)
                                                                                                                                                                                                                                                                    • API String ID: 655826126-2469259948
                                                                                                                                                                                                                                                                    • Opcode ID: 9c42a44b19c1e5ee120489b911addbb01fabbdf1e11dcdf48808d3ac4e9c2591
                                                                                                                                                                                                                                                                    • Instruction ID: d8f0b71e1ebf788dfd3a12bf4872ded05f7e8b51bdd05a13d38bac57276f905b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c42a44b19c1e5ee120489b911addbb01fabbdf1e11dcdf48808d3ac4e9c2591
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9211D426B09F47C1DB009B51E898AA933A4FB45B81F550032CE6E037B8CE7DD54AD340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Thread$Eval_$?clear@Pool@@RestoreSave
                                                                                                                                                                                                                                                                    • String ID: QThreadPool$clear$clear(self)
                                                                                                                                                                                                                                                                    • API String ID: 3033650186-204747674
                                                                                                                                                                                                                                                                    • Opcode ID: 554ac7a5205d9b8225257391e5cc4b528d0c2abc363f812f84c34d11d88237f1
                                                                                                                                                                                                                                                                    • Instruction ID: 79eadecb46d27f056ce4615d61a5977f669f7e9d640229af53b4b41b41742b30
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 554ac7a5205d9b8225257391e5cc4b528d0c2abc363f812f84c34d11d88237f1
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF11E625B09F47C1DB009F51E898AA933A4FB45B85F550032DE6E037B8CE7DD519D780
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Thread$Eval_$?reservePool@@RestoreSaveThread@
                                                                                                                                                                                                                                                                    • String ID: QThreadPool$reserveThread$reserveThread(self)
                                                                                                                                                                                                                                                                    • API String ID: 3462233908-3692173339
                                                                                                                                                                                                                                                                    • Opcode ID: fcbfeb59da2c263a51d8e0b363a895ea3a777cbf14be777b6355976f03034a18
                                                                                                                                                                                                                                                                    • Instruction ID: 8e04ded42a5948e82c129e8cc22abcb3bf37d4cd04a39c08634433817039c662
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fcbfeb59da2c263a51d8e0b363a895ea3a777cbf14be777b6355976f03034a18
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC11E625B09F47C1DB009F11E894AA933A4FB45B85F554032DE6E037B8DE7DD519D780
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_Connected@FromLongMetaMethod@@@Object@@Signal
                                                                                                                                                                                                                                                                    • String ID: BJ9$QState$isSignalConnected$isSignalConnected(self, signal: QMetaMethod) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 544305041-1883786843
                                                                                                                                                                                                                                                                    • Opcode ID: aca58a52336eaa6ec5320b023a7323f7fe65f1c8030e1b5a0277cb872d6615f5
                                                                                                                                                                                                                                                                    • Instruction ID: 9cd7d2c1c921ef1e20202ef4a38385f5e98a4d15523f6e71df88f97140b3860a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aca58a52336eaa6ec5320b023a7323f7fe65f1c8030e1b5a0277cb872d6615f5
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00111C32B19E47D1DB409F14E898AA833A4FB45B85F910132CAAD033B8DF3DD549D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?contains@Bool_FromLongPool@@ThreadThread@@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QThreadPool$contains$contains(self, thread: Optional[QThread]) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 2701345744-696671335
                                                                                                                                                                                                                                                                    • Opcode ID: 04e459edcaffddf262371ecc6cff4c0e6219fbbed4f3ac17cd321c2a6d0db835
                                                                                                                                                                                                                                                                    • Instruction ID: c60f49bbc9784961236a7507d482be6ecc1e6188d9a1c08414a658574f8a9df7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 04e459edcaffddf262371ecc6cff4c0e6219fbbed4f3ac17cd321c2a6d0db835
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC114832B19E47C1DB009F11E898AA833A4FB45B85F910032DA6D033B8DF3DD549D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_Connected@FromLongMetaMethod@@@Object@@Signal
                                                                                                                                                                                                                                                                    • String ID: BJ9$QStateMachine$isSignalConnected$isSignalConnected(self, signal: QMetaMethod) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 544305041-2912192633
                                                                                                                                                                                                                                                                    • Opcode ID: dc501f9f34719d089c318cc5556fb5454fc45eedb0ba2a88cafd5ec2a42b92bb
                                                                                                                                                                                                                                                                    • Instruction ID: 8aeb62746513fa068e1203b82211698f7b4112f53b1fd25d94f9621b6586e1d7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc501f9f34719d089c318cc5556fb5454fc45eedb0ba2a88cafd5ec2a42b92bb
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C113632B19E47C1DB409F14E898AA833A4FB49B85F920032CAAD033B8DF3DD549D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_Connected@FromLongMetaMethod@@@Object@@Signal
                                                                                                                                                                                                                                                                    • String ID: BJ9$QSharedMemory$isSignalConnected$isSignalConnected(self, signal: QMetaMethod) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 544305041-2940594652
                                                                                                                                                                                                                                                                    • Opcode ID: 308f1d551b4416769276bb8df35d331a4dc6056b6b89b690b3c414d2a92767a3
                                                                                                                                                                                                                                                                    • Instruction ID: 904dd29b3717e8f4c047e43d5d7f4f0a30aa1acd9d63b9f0944edf119a0e4285
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 308f1d551b4416769276bb8df35d331a4dc6056b6b89b690b3c414d2a92767a3
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8111832B19E47D1DB409F14E8A8AA833A4FB45B85F910136CAAD037B8DF3DD999D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444608320.00007FFDFB108000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444626694.00007FFDFB10B000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_Connected@FromLongMetaMethod@@@Object@@Signal
                                                                                                                                                                                                                                                                    • String ID: BJ9$QSignalMapper$isSignalConnected$isSignalConnected(self, signal: QMetaMethod) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 544305041-642788847
                                                                                                                                                                                                                                                                    • Opcode ID: 7d6585b775b8b9d7dd8b53330ee1fc1bb85d5bf8162067eae80364293af9c80d
                                                                                                                                                                                                                                                                    • Instruction ID: a3f6ffaa2e7719a2166fb61fcfb11cb712cd1517adb8d20f42bf917160d70bf7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d6585b775b8b9d7dd8b53330ee1fc1bb85d5bf8162067eae80364293af9c80d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C113632B19E47D1DB408F14E898AA833A4FB49B85F920032CAAD033B8DF3DD549D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_Connected@FromLongMetaMethod@@@Object@@Signal
                                                                                                                                                                                                                                                                    • String ID: BJ9$QPauseAnimation$isSignalConnected$isSignalConnected(self, signal: QMetaMethod) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 544305041-2515147419
                                                                                                                                                                                                                                                                    • Opcode ID: 58210d1edb11c747ef1b1f5e4e47046c46e41f69797b694990a3321f4aaa13c9
                                                                                                                                                                                                                                                                    • Instruction ID: a07952c8e1749d1efc94d8f8a1cff9f8926cd316c70aceb422921e0f66b18b23
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 58210d1edb11c747ef1b1f5e4e47046c46e41f69797b694990a3321f4aaa13c9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6110636B19E47D1EB409F14E898AA833A4FB45B85F910132CAAD037B8DF3DD549D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLongParentUrl@@V1@@
                                                                                                                                                                                                                                                                    • String ID: BJ9$QUrl$isParentOf$isParentOf(self, url: QUrl) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 434983279-2668343678
                                                                                                                                                                                                                                                                    • Opcode ID: a423ba5ab5ef4075ab5c55dc3abd1682a03bb7be33ac77f94da9ff6a51b4f7f8
                                                                                                                                                                                                                                                                    • Instruction ID: 220c95de467c9f96b43bf3a3832b901b5cca38811b6337b3d482746cef5840c6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a423ba5ab5ef4075ab5c55dc3abd1682a03bb7be33ac77f94da9ff6a51b4f7f8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B111536B19E46C1DB009F24E8A8AA933A5FB44B95F910136CA6D033A8CF3DD959D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$?sleep@RestoreSaveThread@@
                                                                                                                                                                                                                                                                    • String ID: QThread$sleep$sleep(a0: int)
                                                                                                                                                                                                                                                                    • API String ID: 1327883485-3007920498
                                                                                                                                                                                                                                                                    • Opcode ID: d2068ab1dbde12697089ef3c99e2313f453ee37940c3b798dc78d3176c37fa9e
                                                                                                                                                                                                                                                                    • Instruction ID: fc3095137753a19888fd00e50544b3dbf20b325e6dfb202566b390220b7767aa
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2068ab1dbde12697089ef3c99e2313f453ee37940c3b798dc78d3176c37fa9e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8012D26B0AE47C1DB009F15E894AA92370FB8AB86F940032DE5E037B8CF7CD549D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Thread$?msleep@RestoreSaveThread@@
                                                                                                                                                                                                                                                                    • String ID: QThread$msleep$msleep(a0: int)
                                                                                                                                                                                                                                                                    • API String ID: 3332855386-1916411714
                                                                                                                                                                                                                                                                    • Opcode ID: b258c3d7543c455468f07a3ee5769ef7e8001cfdcc9e883157382a6079120437
                                                                                                                                                                                                                                                                    • Instruction ID: c12837f2076fd4559df6e4b19d0914a9c277ad67e7a44265c14fb141d88972da
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b258c3d7543c455468f07a3ee5769ef7e8001cfdcc9e883157382a6079120437
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F011B26B0AE07C1DB009F15E8946A92370FB8AB86F941032DE5E037B8CE3CD509D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,00000000,00007FFDFB01FCE3,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01F846
                                                                                                                                                                                                                                                                    • ??1QString@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFDFB01FCE3,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01F87A
                                                                                                                                                                                                                                                                    • _Py_Dealloc.PYTHON3(?,?,00000000,00007FFDFB01FCE3,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01F8B0
                                                                                                                                                                                                                                                                    • PyDict_SetItem.PYTHON3(?,?,00000000,00007FFDFB01FCE3,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01F8C6
                                                                                                                                                                                                                                                                    • _Py_Dealloc.PYTHON3(?,?,00000000,00007FFDFB01FCE3,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01F8D7
                                                                                                                                                                                                                                                                    • _Py_Dealloc.PYTHON3(?,?,00000000,00007FFDFB01FCE3,?,?,?,?,?,00000000,00000000,00007FFDFAEE9D81), ref: 00007FFDFB01F8E6
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Dealloc$Array@@ByteDict_ItemString@@V0@@malloc
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1626237497-0
                                                                                                                                                                                                                                                                    • Opcode ID: 1e2328af104f50e92ac9f2e4723401cb44dec1b1aa175632cd8138902f49b62e
                                                                                                                                                                                                                                                                    • Instruction ID: 1d823ae62094586c4cc89ad9284b69b0f6120e220ea8f37b7fde196c777071f5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e2328af104f50e92ac9f2e4723401cb44dec1b1aa175632cd8138902f49b62e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15217431F0AA4381EB589B26A92463D6290BF8BFD5F085130DE6E07BEDDE3CD4046300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ClearDeallocErr_RectSubtypeType_V0@@
                                                                                                                                                                                                                                                                    • String ID: 1J9
                                                                                                                                                                                                                                                                    • API String ID: 1917406712-2407233842
                                                                                                                                                                                                                                                                    • Opcode ID: 4b9f03a94d3a2c535d916d26c6848e1a16a1385f9280d0e6222fba1e549a65ae
                                                                                                                                                                                                                                                                    • Instruction ID: d62aff41ca0f79a451eef7ef0bb9a4c8c061ede447214807fbef36ddc9fc1aac
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b9f03a94d3a2c535d916d26c6848e1a16a1385f9280d0e6222fba1e549a65ae
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B312F36B09B4682EB449B1AF85056973A1FB99BC5F094131DEAE03BB8DF3CE495D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ClearDeallocErr_RectSubtypeType_V0@@
                                                                                                                                                                                                                                                                    • String ID: 1J9
                                                                                                                                                                                                                                                                    • API String ID: 1917406712-2407233842
                                                                                                                                                                                                                                                                    • Opcode ID: 9db871df8ee55b2689b91c645be820561ed813ce36510fa8dcea4645749aed48
                                                                                                                                                                                                                                                                    • Instruction ID: f4336d982e6d1e9e9449ba8b3f9fb3a9bab5323e61f45f2f1eb6475d054b9c8a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9db871df8ee55b2689b91c645be820561ed813ce36510fa8dcea4645749aed48
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88311D36B09B4782EB449B16F8505696361FB89BC5F094131DEAE03BB8DF3CE195D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ClearDeallocErr_Margins@@@Rect@@SubtypeType_
                                                                                                                                                                                                                                                                    • String ID: 1J9
                                                                                                                                                                                                                                                                    • API String ID: 748444045-2407233842
                                                                                                                                                                                                                                                                    • Opcode ID: 312b479ec2c61ec790f49a9b61ade95dfc43627e72c028b5f8d1dc15988eaf07
                                                                                                                                                                                                                                                                    • Instruction ID: eff15fb8b92d2f2d27dee83dfedc7df94441d5a2ebd9c8d516b0a02e507ad461
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 312b479ec2c61ec790f49a9b61ade95dfc43627e72c028b5f8d1dc15988eaf07
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 13311D26B09B4681DB449B16F89056963B0FB89BD5F490432DEAE43BBCDF3DE485D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ClearDeallocErr_Margins@@@Rect@@SubtypeType_
                                                                                                                                                                                                                                                                    • String ID: 1J9
                                                                                                                                                                                                                                                                    • API String ID: 748444045-2407233842
                                                                                                                                                                                                                                                                    • Opcode ID: 3dea921ded1e2407ddd740c4523c9547a3f2610ea6617b893885d1f712858263
                                                                                                                                                                                                                                                                    • Instruction ID: ab3fcf9e0266f4060bb202713f8e5c957ff56b1a3abfbf0868a2a8e2ef9f6eba
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3dea921ded1e2407ddd740c4523c9547a3f2610ea6617b893885d1f712858263
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA311E26B09B8681EB449B06F890569A370FB89BD5F494031DE9E43BBCDF3DE485D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ClearDeallocErr_F@@@MarginsRectSubtypeType_
                                                                                                                                                                                                                                                                    • String ID: 1J9
                                                                                                                                                                                                                                                                    • API String ID: 3277776795-2407233842
                                                                                                                                                                                                                                                                    • Opcode ID: a85259cbbe16e382b60a5bca209e71ce2fd514e389f10707841376fa1c2dc493
                                                                                                                                                                                                                                                                    • Instruction ID: 79c87285330067c4c90012a6d11850afd31390ccc4309b824e207a462cc52248
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a85259cbbe16e382b60a5bca209e71ce2fd514e389f10707841376fa1c2dc493
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C313B26B09B4681EF449B06F860569A370FB89BD5F484432DE6E03BB8DF3DE485D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ClearDeallocErr_F@@@MarginsRectSubtypeType_
                                                                                                                                                                                                                                                                    • String ID: 1J9
                                                                                                                                                                                                                                                                    • API String ID: 3277776795-2407233842
                                                                                                                                                                                                                                                                    • Opcode ID: ef722784e0b65ccc80f98f4515e3d9f310606db86fa9db386606443fcbc13b2b
                                                                                                                                                                                                                                                                    • Instruction ID: ebd32c81a5619c65564c4948fbfab0d13e5a82a535707125614357e333beb297
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef722784e0b65ccc80f98f4515e3d9f310606db86fa9db386606443fcbc13b2b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE313B6AB09B4781EB449B06F85056AA371FB89BD5F480432DE6E03BB8DF3DD485D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?toString@QUrl@@QEBA?AVQString@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z.QT5CORE ref: 00007FFDFAEE43F7
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FormattingUrl@@$ComponentFlags@Option@Option@2@@@@String@String@@malloc
                                                                                                                                                                                                                                                                    • String ID: B|J1$QUrl$toString$toString(self, options: QUrl.FormattingOptions = QUrl.PrettyDecoded) -> str
                                                                                                                                                                                                                                                                    • API String ID: 1304294426-663103158
                                                                                                                                                                                                                                                                    • Opcode ID: 91543f40664a73ec64c57c4df7254850700edb0086a901e8b8d071a625293597
                                                                                                                                                                                                                                                                    • Instruction ID: 970ff8511d34c91e61febd87930009fe5ced772a92afdfc31613847ca5ee7939
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91543f40664a73ec64c57c4df7254850700edb0086a901e8b8d071a625293597
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2313436B09B46C5DB408F15E898BAD33A4FB49B80F81413ADEAD437A8DF39D518D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?userInfo@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE ref: 00007FFDFAEDF7D7
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?userComponentFlags@FormattingInfo@Option@String@@Url@@Url@@@@@malloc
                                                                                                                                                                                                                                                                    • String ID: B|J1$QUrl$userInfo$userInfo(self, options: Union[QUrl.ComponentFormattingOptions, QUrl.ComponentFormattingOption] = QUrl.PrettyDecoded) -> str
                                                                                                                                                                                                                                                                    • API String ID: 297090289-704602060
                                                                                                                                                                                                                                                                    • Opcode ID: 1ffe7e113f3f245ea0c53c3b4f5a3dcc55336a8ffe293de8ba081fb344e692f4
                                                                                                                                                                                                                                                                    • Instruction ID: 019b08db13b45042cf63282f8696bdeba8f0af33e3c6a940688a0733980c69d3
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ffe7e113f3f245ea0c53c3b4f5a3dcc55336a8ffe293de8ba081fb344e692f4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF310236B09B42C5DB508F15E898BAD33A4FB89B80F41413ADAAD437A8DF39D558D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?userName@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE ref: 00007FFDFAEE03CB
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?userComponentFlags@FormattingName@Option@String@@Url@@Url@@@@@malloc
                                                                                                                                                                                                                                                                    • String ID: B|J1$QUrl$userName$userName(self, options: Union[QUrl.ComponentFormattingOptions, QUrl.ComponentFormattingOption] = QUrl.FullyDecoded) -> str
                                                                                                                                                                                                                                                                    • API String ID: 2243265294-1489357731
                                                                                                                                                                                                                                                                    • Opcode ID: 3192801c778143cff99e20db8dd57c9907e74526f7910211eb2a1044d233da7d
                                                                                                                                                                                                                                                                    • Instruction ID: 2ad1d4b780d6a954889dbb465e240bdbc228993d6c54b3a449640e5e768e6725
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3192801c778143cff99e20db8dd57c9907e74526f7910211eb2a1044d233da7d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56312236B09B42C5DB508F15E898BAD33A4FB49B80F414136DAAD437B8DF39D948D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?fragment@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE ref: 00007FFDFAEE27A7
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?fragment@ComponentFlags@FormattingOption@String@@Url@@Url@@@@@malloc
                                                                                                                                                                                                                                                                    • String ID: B|J1$QUrl$fragment$fragment(self, options: Union[QUrl.ComponentFormattingOptions, QUrl.ComponentFormattingOption] = QUrl.PrettyDecoded) -> str
                                                                                                                                                                                                                                                                    • API String ID: 2583990267-3590717206
                                                                                                                                                                                                                                                                    • Opcode ID: 276c5acf6e614fa0f5c00ecbef062a9a24667d014d9f9a5506a5182fafc4a786
                                                                                                                                                                                                                                                                    • Instruction ID: 4098adfec0e43834cba5cc8027c89e4466768eb26b35086d19ef827ca0474230
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 276c5acf6e614fa0f5c00ecbef062a9a24667d014d9f9a5506a5182fafc4a786
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7311236B09B4285DB408F15E898BAD33A4FB49B80F41413ADAAD437A8DF39D548D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?url@QUrl@@QEBA?AVQString@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z.QT5CORE ref: 00007FFDFAEDC397
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FormattingUrl@@$?url@ComponentFlags@Option@Option@2@@@@String@@malloc
                                                                                                                                                                                                                                                                    • String ID: B|J1$QUrl$url$url(self, options: QUrl.FormattingOptions = QUrl.PrettyDecoded) -> str
                                                                                                                                                                                                                                                                    • API String ID: 2095917953-1147450086
                                                                                                                                                                                                                                                                    • Opcode ID: 4a59391e8c337efd990a75c98d1830a1eb332f1154ea889f85134e24b02a2221
                                                                                                                                                                                                                                                                    • Instruction ID: aa0dd047fd649f4a6665f7bf392173d709e277354cc356845329aba6b46fc7a6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a59391e8c337efd990a75c98d1830a1eb332f1154ea889f85134e24b02a2221
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6311636B09B46C5DB508F15E8947AD33A4FB49B80F81413ADAAD437B4DF39D518D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?path@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE ref: 00007FFDFAEE209B
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?path@ComponentFlags@FormattingOption@String@@Url@@Url@@@@@malloc
                                                                                                                                                                                                                                                                    • String ID: B|J1$QUrl$path$path(self, options: Union[QUrl.ComponentFormattingOptions, QUrl.ComponentFormattingOption] = QUrl.FullyDecoded) -> str
                                                                                                                                                                                                                                                                    • API String ID: 3953375720-3328280230
                                                                                                                                                                                                                                                                    • Opcode ID: f1959ae6c948b950d68005a41d27c54345097d25ec9653f7eff17a81d7dd6638
                                                                                                                                                                                                                                                                    • Instruction ID: e58c9d0ca9fab782e67bf46818741c17c0f3ef45aeda1de99bfac835d4f84ad5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f1959ae6c948b950d68005a41d27c54345097d25ec9653f7eff17a81d7dd6638
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8312236B19B42C5DB408F15E8A8BAD33A4FB49B80F814136DEAD437A8DF39D908D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?query@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE ref: 00007FFDFAEEAC27
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?query@ComponentFlags@FormattingOption@String@@Url@@Url@@@@@malloc
                                                                                                                                                                                                                                                                    • String ID: B|J1$QUrl$query$query(self, options: Union[QUrl.ComponentFormattingOptions, QUrl.ComponentFormattingOption] = QUrl.PrettyDecoded) -> str
                                                                                                                                                                                                                                                                    • API String ID: 2494922504-2408591519
                                                                                                                                                                                                                                                                    • Opcode ID: 332fc37df5c0751acd3dbd17662d703010270a8a4edf0ee26566022306d254c0
                                                                                                                                                                                                                                                                    • Instruction ID: 45c4195f9174d81f6c03c31ca9b42a29a41a6ea22292d03bb72e1c92d01ca050
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 332fc37df5c0751acd3dbd17662d703010270a8a4edf0ee26566022306d254c0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86315336B19F42C5DB408F15E898BAD33A4FB49B80F81413ADAAD437A8DF39D518D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?authority@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE ref: 00007FFDFAEDE5F7
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?authority@ComponentFlags@FormattingOption@String@@Url@@Url@@@@@malloc
                                                                                                                                                                                                                                                                    • String ID: B|J1$QUrl$authority$authority(self, options: Union[QUrl.ComponentFormattingOptions, QUrl.ComponentFormattingOption] = QUrl.PrettyDecoded) -> str
                                                                                                                                                                                                                                                                    • API String ID: 1082306523-2805476670
                                                                                                                                                                                                                                                                    • Opcode ID: 30798f1ca269c4dc17983b6b61aee035723bbbd77dfc46f68990bd3280434f39
                                                                                                                                                                                                                                                                    • Instruction ID: 0a81762121ec24a10a0838ba7fc80c7faa64dc91921a822e2314cc395d5bf186
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 30798f1ca269c4dc17983b6b61aee035723bbbd77dfc46f68990bd3280434f39
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50312236B09B42C5DB408F15E898BAD33A4FB49B80F41413ADAAD437B8DF39D548D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?topLevelDomain@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE ref: 00007FFDFAEE8D9B
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?topComponentDomain@Flags@FormattingLevelOption@String@@Url@@Url@@@@@malloc
                                                                                                                                                                                                                                                                    • String ID: B|J1$QUrl$topLevelDomain$topLevelDomain(self, options: Union[QUrl.ComponentFormattingOptions, QUrl.ComponentFormattingOption] = QUrl.FullyDecoded) -> str
                                                                                                                                                                                                                                                                    • API String ID: 481696878-1398568324
                                                                                                                                                                                                                                                                    • Opcode ID: 7628f966763c71a40e62c1c05a523c446fdcdc0ce12886e215d9f56caf5e454e
                                                                                                                                                                                                                                                                    • Instruction ID: 94fd5ed8d7ee0a17130f28e2ebcbf82ac7260881a3962200e086f6f36245bd4a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7628f966763c71a40e62c1c05a523c446fdcdc0ce12886e215d9f56caf5e454e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D0312236B19B42C5DB408F15E898BAD33A4FB49B80F81413ADEAD437A8DF39D908D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BEE$QPauseAnimation$updateState$updateState(self, newState: QAbstractAnimation.State, oldState: QAbstractAnimation.State)
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-3529279911
                                                                                                                                                                                                                                                                    • Opcode ID: eba74dd25a48df45b48ac0f293253dfb97965fb1ca7b6431e5f2c376e21fa829
                                                                                                                                                                                                                                                                    • Instruction ID: 89da33d2cec0a77659c8915166cebf50110241e5c4b7c77ff007205ef112ce37
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eba74dd25a48df45b48ac0f293253dfb97965fb1ca7b6431e5f2c376e21fa829
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E312F36709F86C1EB508B15E850AAAB7A4FB85B84F544132DE9E43BB8DF3CD148DB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?contains@Rect@@$Point@@_V1@_
                                                                                                                                                                                                                                                                    • String ID: 1J9$QRect$__contains__
                                                                                                                                                                                                                                                                    • API String ID: 1444466199-3456792761
                                                                                                                                                                                                                                                                    • Opcode ID: c56532c6ea10fac227f8c45072ed1b977a4ba56da5a3419e9576020a03740d2d
                                                                                                                                                                                                                                                                    • Instruction ID: 7eb52ac9e8c0739710ee157c84cb4e82afb287ec7994ba6eb20de46d87181a88
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c56532c6ea10fac227f8c45072ed1b977a4ba56da5a3419e9576020a03740d2d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60217126B09A8381DF408B05F8546AAB360FB89BD5F494132DEAD07BB8DF7CD148D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?host@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE ref: 00007FFDFAEE16F2
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?host@ComponentFlags@FormattingOption@String@@Url@@Url@@@@@malloc
                                                                                                                                                                                                                                                                    • String ID: B|J1$QUrl$host$host(self, a0: Union[QUrl.ComponentFormattingOptions, QUrl.ComponentFormattingOption] = QUrl.FullyDecoded) -> str
                                                                                                                                                                                                                                                                    • API String ID: 1995186320-313871115
                                                                                                                                                                                                                                                                    • Opcode ID: 74f6603ed78d9000b70314ffdaa32d4d84d8453b4277a4618857ae5c4ad78382
                                                                                                                                                                                                                                                                    • Instruction ID: 1330795be7afa542360b81da24bffbaafb8b45a750f473330fed560e94e72e4e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 74f6603ed78d9000b70314ffdaa32d4d84d8453b4277a4618857ae5c4ad78382
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64314736B19B52C1DB408F15E898AAD33A4FB49B84F610136DEAD037B4DF39D548D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QPauseAnimation$childEvent$childEvent(self, a0: Optional[QChildEvent])
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-3448960436
                                                                                                                                                                                                                                                                    • Opcode ID: d5dd4119a753d81d679117fc700312ae67c354df81863a9875ae6d65cd099eaa
                                                                                                                                                                                                                                                                    • Instruction ID: 3cb47affdb3ce74e164706fb9d3bd68d12d75b236e82d84f272bd10583d3a8ce
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5dd4119a753d81d679117fc700312ae67c354df81863a9875ae6d65cd099eaa
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A212836B0AF47C1EB408B15E890A6A73A4FB95B85F440132DA9E03BB8DF3CE548D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QStateMachine$childEvent$childEvent(self, a0: Optional[QChildEvent])
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-1964060419
                                                                                                                                                                                                                                                                    • Opcode ID: 828681b180e40a67a3e73454eb848836c88a9f356dcf864b4155394a628c5e0b
                                                                                                                                                                                                                                                                    • Instruction ID: 72e379eba57a851ed6f4bf020965526567d3b4523439075badd6f20f2d538f58
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 828681b180e40a67a3e73454eb848836c88a9f356dcf864b4155394a628c5e0b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A211C32B0AF46C1EB409B15E890A6973A4FB85B85F440132DA9E47BBCDF3DD548D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ9$QParallelAnimationGroup$disconnectNotify$disconnectNotify(self, signal: QMetaMethod)
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-3093982529
                                                                                                                                                                                                                                                                    • Opcode ID: faf1f6f1ba7097742ad7720a1a1c750aa7f556721741bc36e5a03cc4765cf9b3
                                                                                                                                                                                                                                                                    • Instruction ID: 2fc32d7f56ae18202cb2f5dc3853b039d3160334c0d731dca5c1e38e02929713
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: faf1f6f1ba7097742ad7720a1a1c750aa7f556721741bc36e5a03cc4765cf9b3
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1921FB32B09F47C5EB509B15E854AAA73A4FB85B85F440132DA9E43BB8DF3DD049D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QThread$timerEvent$timerEvent(self, a0: Optional[QTimerEvent])
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-3761686735
                                                                                                                                                                                                                                                                    • Opcode ID: fd32a0b892580395ffb489c14553cb0bf91e4bf08910b418da39fb96aa57268c
                                                                                                                                                                                                                                                                    • Instruction ID: 0192b7efae468c14015dc4f99a00b224ea0a9c783afd491599d44bfb6bc73a18
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fd32a0b892580395ffb489c14553cb0bf91e4bf08910b418da39fb96aa57268c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4214B36B0AF47C2EB408B15E860A6A73A4FB85B85F440132DA9E43BB8DF3CD044D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QState$onExit$onExit(self, event: Optional[QEvent])
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-2875241238
                                                                                                                                                                                                                                                                    • Opcode ID: c7a56ab7748d54b5f30595ac326fddd4f77434615b4f528cc234ec7f916e91a9
                                                                                                                                                                                                                                                                    • Instruction ID: 1abe3fffad8c626cffc3f1c1d2a6b3dae2416648c1ff89079502d9258e1e6d17
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7a56ab7748d54b5f30595ac326fddd4f77434615b4f528cc234ec7f916e91a9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 73211932B0AB47C5EB408B15E4A466A73A4FB85B85F540132DE9E43BB8DF3DE544D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QState$customEvent$customEvent(self, a0: Optional[QEvent])
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-579333537
                                                                                                                                                                                                                                                                    • Opcode ID: caaa43c11f9ddf29763647720d8184fcaa4bcb52e44f4b4e649ede54e295543e
                                                                                                                                                                                                                                                                    • Instruction ID: 5d572c7be5d49e938ae65601c01b2535ec305a55357bfdcf016293ba7b000d00
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: caaa43c11f9ddf29763647720d8184fcaa4bcb52e44f4b4e649ede54e295543e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E210836B0AF4782EB409B15E89466A73A4FB85B84F040132DAAE03BB8DF3DD558D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ9$QStateMachine$disconnectNotify$disconnectNotify(self, signal: QMetaMethod)
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-567199010
                                                                                                                                                                                                                                                                    • Opcode ID: 93fe178245429ee9d926955cd7e3ccbea90cffeb5ae1ff0be5b869eb207ca5ad
                                                                                                                                                                                                                                                                    • Instruction ID: ec6d6be161b854bad5dbddf9736cd12f1870776eabfb24adac154442c40afbdb
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 93fe178245429ee9d926955cd7e3ccbea90cffeb5ae1ff0be5b869eb207ca5ad
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24212C32B19F47C1EB409B15E860AAA73A4FB85B85F044132DA9E43BB8DF3DD048E740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444608320.00007FFDFB108000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444626694.00007FFDFB10B000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QPauseAnimation$customEvent$customEvent(self, a0: Optional[QEvent])
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-3963424886
                                                                                                                                                                                                                                                                    • Opcode ID: ac3905801b2b333720cca9fe8e1a0cfdf9dc948f4837b6a364c763e29e75837a
                                                                                                                                                                                                                                                                    • Instruction ID: 7e232bd8397844bb53caeef37c237965946dca9843ca19a402c2526d8d6b7303
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac3905801b2b333720cca9fe8e1a0cfdf9dc948f4837b6a364c763e29e75837a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A212D32B09F47C1EB409B15E89066973A4FB95B85F440132DA9E03BB8EF3DD159D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QSettings$childEvent$childEvent(self, a0: Optional[QChildEvent])
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-1405516607
                                                                                                                                                                                                                                                                    • Opcode ID: 7dee0cf247a07e4f9a6a8eb397b3f57750dc9e8d57884c4b47bd58e0c763ba8c
                                                                                                                                                                                                                                                                    • Instruction ID: 7f65d2404e1fdfb8e2e3a5593e985bbc5f581ded4e0073f6590de6d6445181f9
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7dee0cf247a07e4f9a6a8eb397b3f57750dc9e8d57884c4b47bd58e0c763ba8c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F211C32B09F46C1EB408B15E4A066973A4FB85B84F444136DA9E03BB8DF3DD549DB00
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@Machine@@State
                                                                                                                                                                                                                                                                    • String ID: BJ8$QStateMachine$onEntry$onEntry(self, event: Optional[QEvent])
                                                                                                                                                                                                                                                                    • API String ID: 4060738954-4269694997
                                                                                                                                                                                                                                                                    • Opcode ID: 9d2d1de1cd713d18269cb4660ba5f7b0c455ddf5501125f9818cb6ff7b8664e9
                                                                                                                                                                                                                                                                    • Instruction ID: e12a5d75b3dfffa1252540be9f3754c9db03a2e8075cdeb0a176ecbb649797c6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d2d1de1cd713d18269cb4660ba5f7b0c455ddf5501125f9818cb6ff7b8664e9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86210832B0AF4681EB408B25E494AAA77A4FB85B85F044132DA9E43BB8DF3DD145D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ9$QStateMachine$connectNotify$connectNotify(self, signal: QMetaMethod)
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-3325959791
                                                                                                                                                                                                                                                                    • Opcode ID: e689caf4354effa956cc70c8768f302a9b8b9c373b22228196a693a8d7e906c6
                                                                                                                                                                                                                                                                    • Instruction ID: 591f1e5175916a161ad7b40f989a103496f3965b00c3eca6f713eb18641a94fc
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e689caf4354effa956cc70c8768f302a9b8b9c373b22228196a693a8d7e906c6
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7212C36B19F47C5EB409B15E4506AA73A4FB85B85F440132DA9E53BB8DF3DE048D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ9$QPauseAnimation$disconnectNotify$disconnectNotify(self, signal: QMetaMethod)
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-2718208113
                                                                                                                                                                                                                                                                    • Opcode ID: 6c3ffbcec365b9f05da3344c6b2559c18defd55c706a7faba371a8c580b3a166
                                                                                                                                                                                                                                                                    • Instruction ID: 555a0c1994242fb7c8787ab853d2021461c5afbb581d52d63193478896d960b0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c3ffbcec365b9f05da3344c6b2559c18defd55c706a7faba371a8c580b3a166
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE211932B09F46C6EB409B15E8A0A6A77A4FB85B85F440132DA9E43BB8DF3DD049D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QParallelAnimationGroup$childEvent$childEvent(self, a0: Optional[QChildEvent])
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-2950244057
                                                                                                                                                                                                                                                                    • Opcode ID: 4b9d12fb4d64357c81b792b0214de9cbbcd74b2ff473ca94db8b6450154cb518
                                                                                                                                                                                                                                                                    • Instruction ID: 8a9c608afc2bd04364b1e6059d9f3e46ca73adc211f83d05c08565aced00604d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b9d12fb4d64357c81b792b0214de9cbbcd74b2ff473ca94db8b6450154cb518
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22212B32B09F47C1EB408B15E8A46AA73A4FB85B84F044132DA9E03BB8DF3DD449D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QState$childEvent$childEvent(self, a0: Optional[QChildEvent])
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-3488748461
                                                                                                                                                                                                                                                                    • Opcode ID: 9217f91ae272801c7b54658e80608e6e5c65849c123a7c032e430148e7805c0c
                                                                                                                                                                                                                                                                    • Instruction ID: 5ae1ac58e07258352959fdbc54e1e92701bbcb896991fa5fd10ff244b706bdb0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9217f91ae272801c7b54658e80608e6e5c65849c123a7c032e430148e7805c0c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 18210A32B09E87C1EB408B15E89466973A4FB85B84F040132EAAE43BBCDF3DD548D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ9$QThread$disconnectNotify$disconnectNotify(self, signal: QMetaMethod)
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-30688938
                                                                                                                                                                                                                                                                    • Opcode ID: 561254892ee6919cdbebef0bddb836fc5e8f59b73c2c2badafb838b163289ca2
                                                                                                                                                                                                                                                                    • Instruction ID: 25cab9675d76330fafdaf489a73cb3ef637a0b7cce8d5dc6a668a55bb77b6d79
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 561254892ee6919cdbebef0bddb836fc5e8f59b73c2c2badafb838b163289ca2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79215E32B09F47C6EB409B15E490AA973A0FB85B85F444132DA9E03BB8DF3DD149D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QSettings$timerEvent$timerEvent(self, a0: Optional[QTimerEvent])
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-3450364039
                                                                                                                                                                                                                                                                    • Opcode ID: 5270fb0640135bdfb9fc4f6785f19e0327863ab84f509309f4ec4f0f77ce7e2d
                                                                                                                                                                                                                                                                    • Instruction ID: d4454b4b104ead99dfd08c7d82f4dc98a146a265f9250c7c9678c13c16da4d88
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5270fb0640135bdfb9fc4f6785f19e0327863ab84f509309f4ec4f0f77ce7e2d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C210832B0AA47C1EB408B15E4A0A6A73A4FB85B85F441132EE9E03BB8DF3DD549D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Event@@@Exit@Machine@@State
                                                                                                                                                                                                                                                                    • String ID: BJ8$QStateMachine$onExit$onExit(self, event: Optional[QEvent])
                                                                                                                                                                                                                                                                    • API String ID: 2869735145-2528517103
                                                                                                                                                                                                                                                                    • Opcode ID: cc2a19ad905ccf8f44e6f155059bffbbf196f73bac189142038f8e2428efd715
                                                                                                                                                                                                                                                                    • Instruction ID: 1574e44a6788a5b6d42fa99015aa5023a0c1f6f71397b6f881b544a823617f12
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cc2a19ad905ccf8f44e6f155059bffbbf196f73bac189142038f8e2428efd715
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F212D36B09F47C1EB408B25E8A4A6A73A5FB85B85F040132DA9E03BB8DF3CD145D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QSharedMemory$childEvent$childEvent(self, a0: Optional[QChildEvent])
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-3509431251
                                                                                                                                                                                                                                                                    • Opcode ID: 6c869afc2bb61f171bbdc92d9fcf093cb83f17878fb35ae56fe8931a67140716
                                                                                                                                                                                                                                                                    • Instruction ID: 6bfde28ab606261855ea45891ddc4feac66e014adfdaf79570b6b497c5854667
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c869afc2bb61f171bbdc92d9fcf093cb83f17878fb35ae56fe8931a67140716
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15212A72B0AF47C1EB409B15E894A6A73A4FB85B85F440132DA9E03BB8DF3DE549D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QParallelAnimationGroup$timerEvent$timerEvent(self, a0: Optional[QTimerEvent])
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-834092385
                                                                                                                                                                                                                                                                    • Opcode ID: a72109fe38760b9498d088699e4034c98ad66f8a9d120b0bb9d16d9b4b761b9a
                                                                                                                                                                                                                                                                    • Instruction ID: d48e4ecc6d5631806d22085d95385e2fe659ceec32c04f8a331eaee18afa2c18
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a72109fe38760b9498d088699e4034c98ad66f8a9d120b0bb9d16d9b4b761b9a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7212C36B0AF47C1EB408B15E864A6A77A4FB85B85F440132DA9E03BB8DF3DD445D740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ9$QParallelAnimationGroup$connectNotify$connectNotify(self, signal: QMetaMethod)
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-1505212363
                                                                                                                                                                                                                                                                    • Opcode ID: 0515db710ba8ddd40d2d388ad07b8a17ab6fb0529cbea49b350089701d82c744
                                                                                                                                                                                                                                                                    • Instruction ID: 3a846b8d1190b13d83f2731128816b94266f9ce05f00af2cc67869a768aaeea3
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0515db710ba8ddd40d2d388ad07b8a17ab6fb0529cbea49b350089701d82c744
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD215A32B09F47C5EB409B15E8A0AAA73A0FB85B84F140132DA9E03BB8DF3DD449D700
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QState$onEntry$onEntry(self, event: Optional[QEvent])
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-3809291501
                                                                                                                                                                                                                                                                    • Opcode ID: baccf46405da7b7f1593477d1d6c4c803eda7d9efd4838834f8d20f02b674fd4
                                                                                                                                                                                                                                                                    • Instruction ID: d8538e6db920209314cc9bd6ee722f583dac069798f6f6721d2eaf9bfc3522c5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: baccf46405da7b7f1593477d1d6c4c803eda7d9efd4838834f8d20f02b674fd4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6621E832B09B46C1EB409B15E890AAA73A4FB85B85F540132DE9E43BB8DF3DE549D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QThread$customEvent$customEvent(self, a0: Optional[QEvent])
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-762062204
                                                                                                                                                                                                                                                                    • Opcode ID: 5843e7cfc701f5f54ad20a3b41af4c2f0190ae7f9ea1f71fc349d392285f6339
                                                                                                                                                                                                                                                                    • Instruction ID: 9fa28456b07ac1cbb2660092b69069076022e62eeadec11c3d044a5d699aaf8f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5843e7cfc701f5f54ad20a3b41af4c2f0190ae7f9ea1f71fc349d392285f6339
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B215C72B19F47C6EB409B15E89066A73A0FB85B85F040132DA9E03BB8DF3CD144D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QSharedMemory$customEvent$customEvent(self, a0: Optional[QEvent])
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-2117223024
                                                                                                                                                                                                                                                                    • Opcode ID: 7e3f837cb1fb269af83dbf225400f80813248ad7150171fb584503cb20468376
                                                                                                                                                                                                                                                                    • Instruction ID: 26ba6105dec3fb6c17ff08c3b2e881f01372dad1e158ee2fa9a647d89b4aadf1
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e3f837cb1fb269af83dbf225400f80813248ad7150171fb584503cb20468376
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 95212836B0AF47C2EB409B25E8946AA73A4FB85B84F040136DA9E03BB8DF3DD155D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444626694.00007FFDFB10B000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ9$QPauseAnimation$connectNotify$connectNotify(self, signal: QMetaMethod)
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-2312154919
                                                                                                                                                                                                                                                                    • Opcode ID: 2a3edb56d9a2110c78881fe0d5386402b0b1122a9917beb20444a04ef0e563bc
                                                                                                                                                                                                                                                                    • Instruction ID: 020300143a544dd0062b880a6889a342c767afd8a2feaafc7a01e752209413e5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a3edb56d9a2110c78881fe0d5386402b0b1122a9917beb20444a04ef0e563bc
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48211932B09F46C1EB409B15E4A0AAA73A4FB85B85F440132DA9E43BB8DF3DD049D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: BJ8$QStateMachine$timerEvent$timerEvent(self, a0: Optional[QTimerEvent])
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-3950982331
                                                                                                                                                                                                                                                                    • Opcode ID: 76dc030530f38bc98a5fdd6df901860e64e79ea83767d67312a0bf97249b95ff
                                                                                                                                                                                                                                                                    • Instruction ID: bb04b0f41753e264ee9df9a61cf9aa4d82dc0936bd9fdaae25dd8a96013e39e8
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76dc030530f38bc98a5fdd6df901860e64e79ea83767d67312a0bf97249b95ff
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9821F736B0AB46C1EB408B15E4A466A73A4FB85B85F440132DE9E03BB8DF3CD544D750
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?setUserInfo@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE ref: 00007FFDFAEDEF55
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setInfo@Mode@1@@ParsingString@@Url@@User
                                                                                                                                                                                                                                                                    • String ID: BJ1|E$QUrl$setUserInfo$setUserInfo(self, userInfo: Optional[str], mode: QUrl.ParsingMode = QUrl.TolerantMode)
                                                                                                                                                                                                                                                                    • API String ID: 2508829401-45508826
                                                                                                                                                                                                                                                                    • Opcode ID: 32462530da56ca0b2cc7c37a32c9c4857d1104899f6aca78e678e00ee410d833
                                                                                                                                                                                                                                                                    • Instruction ID: 3240eaac66b70a14c97a32d99cbfab6d7446cd7cc73cc2c5e50bef3e79618094
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 32462530da56ca0b2cc7c37a32c9c4857d1104899f6aca78e678e00ee410d833
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB311436B09F46C1EB408F15E8986AD33A8FB49780F514236DAAD437B4DF39D959DB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?setAuthority@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE ref: 00007FFDFAEDE0E5
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setAuthority@Mode@1@@ParsingString@@Url@@
                                                                                                                                                                                                                                                                    • String ID: BJ1|E$QUrl$setAuthority$setAuthority(self, authority: Optional[str], mode: QUrl.ParsingMode = QUrl.TolerantMode)
                                                                                                                                                                                                                                                                    • API String ID: 609689584-2084403722
                                                                                                                                                                                                                                                                    • Opcode ID: 8373931d81ca457b2b31a13c8e406e02676c2e5a83bf6931c5d4067ce99eb80f
                                                                                                                                                                                                                                                                    • Instruction ID: 539344f6dfefa10e47a15adf9583c559f12c2015a67d8adf1b29f8592a2e63f4
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8373931d81ca457b2b31a13c8e406e02676c2e5a83bf6931c5d4067ce99eb80f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4311436B09F46C1DB508F15E8986AD33A8FB49780F514236CAAD437B8DF39D959DB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?setFragment@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE ref: 00007FFDFAEE2465
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setFragment@Mode@1@@ParsingString@@Url@@
                                                                                                                                                                                                                                                                    • String ID: BJ1|E$QUrl$setFragment$setFragment(self, fragment: Optional[str], mode: QUrl.ParsingMode = QUrl.TolerantMode)
                                                                                                                                                                                                                                                                    • API String ID: 3730795057-2171983309
                                                                                                                                                                                                                                                                    • Opcode ID: 9d31c67071b15999407c34f1683a59af6157bff99445be802f2ea720041398c9
                                                                                                                                                                                                                                                                    • Instruction ID: ca6b67d881b26df29a5ab08cd33c46a17c0d139b56533061c17d80160e3d2101
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d31c67071b15999407c34f1683a59af6157bff99445be802f2ea720041398c9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0312336B19F46C1DB408F15E898AAD33A8FB49780F524136CAAD437B8DF39D949DB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?setHost@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE ref: 00007FFDFAEE11D9
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setHost@Mode@1@@ParsingString@@Url@@
                                                                                                                                                                                                                                                                    • String ID: BJ1|E$QUrl$setHost$setHost(self, host: Optional[str], mode: QUrl.ParsingMode = QUrl.DecodedMode)
                                                                                                                                                                                                                                                                    • API String ID: 3344813239-883711454
                                                                                                                                                                                                                                                                    • Opcode ID: f0ad3d04ad3881a9f24fd8edce430690920e91b53b1380034dcea7d11ce0b2f4
                                                                                                                                                                                                                                                                    • Instruction ID: 8c4e9b8d7de3ee4ed69badd902b7fb583d92d094da9eec626f298d94eda35810
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0ad3d04ad3881a9f24fd8edce430690920e91b53b1380034dcea7d11ce0b2f4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8131F336B09F46C1DB408B15E8987AD33A4FB49780F514136CAAD437B4DF39D959DB40
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?setPassword@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE ref: 00007FFDFAEE0999
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setMode@1@@ParsingPassword@String@@Url@@
                                                                                                                                                                                                                                                                    • String ID: BJ1|E$QUrl$setPassword$setPassword(self, password: Optional[str], mode: QUrl.ParsingMode = QUrl.DecodedMode)
                                                                                                                                                                                                                                                                    • API String ID: 849961069-3424215521
                                                                                                                                                                                                                                                                    • Opcode ID: 94b585d9df034e386f907a495042945fa78dfdbf32df73f5100b8bfd3a471e54
                                                                                                                                                                                                                                                                    • Instruction ID: c6f8f863b8ab633146e4336cb1d2224f3eef8bebab0b11788bfa0aeb0f4131cd
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94b585d9df034e386f907a495042945fa78dfdbf32df73f5100b8bfd3a471e54
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34311336B09F46C1EB408F15E8986AD33A8FB49780F514136DAAD437B4DF39D959D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?adjusted@QRect@@QEBA?AV1@HHHH@Z.QT5CORE ref: 00007FFDFAEE2368
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?adjusted@Rect@@malloc
                                                                                                                                                                                                                                                                    • String ID: Biiii$QRect$adjusted$adjusted(self, xp1: int, yp1: int, xp2: int, yp2: int) -> QRect
                                                                                                                                                                                                                                                                    • API String ID: 2347232885-1393849231
                                                                                                                                                                                                                                                                    • Opcode ID: 49549c3672521eaee31859c22f919399115480ebb2ee1dddf6e94c128433ab88
                                                                                                                                                                                                                                                                    • Instruction ID: ae7ab6fefd3b2f0712954f81c756ff8be026ea1b0b556dda7df6a75efb5a1db4
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 49549c3672521eaee31859c22f919399115480ebb2ee1dddf6e94c128433ab88
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A215C36B19B47C5DB40CF11E898AAD33A4FB88B84F520136DAAD03768DF79D949DB40
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?postEvent@QStateMachine@@QEAAXPEAVQEvent@@W4EventPriority@1@@Z.QT5CORE ref: 00007FFDFAEDA4B9
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?postEventEvent@Event@@Machine@@Priority@1@@State
                                                                                                                                                                                                                                                                    • String ID: BJ:|E$QStateMachine$postEvent$postEvent(self, event: Optional[QEvent], priority: QStateMachine.EventPriority = QStateMachine.NormalPriority)
                                                                                                                                                                                                                                                                    • API String ID: 3918710353-2286234084
                                                                                                                                                                                                                                                                    • Opcode ID: 76063faf66d3e51f585427d2d25b282f330138855314aeac2c3d9f37a68dabfd
                                                                                                                                                                                                                                                                    • Instruction ID: 581fa618b6953aead99795935c0bc14f1ab976f1e6a9acddd659cfe341f6407e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76063faf66d3e51f585427d2d25b282f330138855314aeac2c3d9f37a68dabfd
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B21F536B0AF46C1DB508B15E898AAC33A4FB49780F524236DAAD437B4DF39D559D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setKey@Memory@@NativeSharedString@@@
                                                                                                                                                                                                                                                                    • String ID: BJ1$QSharedMemory$setNativeKey$setNativeKey(self, key: Optional[str])
                                                                                                                                                                                                                                                                    • API String ID: 2149804133-4265094639
                                                                                                                                                                                                                                                                    • Opcode ID: 5b1504206bb7b2031510b05e69971345c117675094f5e424ca4ace10c8f116de
                                                                                                                                                                                                                                                                    • Instruction ID: b38d801f1ba45ee56b36ffa2924a03d52277a6d6197516400370c39302d3f511
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5b1504206bb7b2031510b05e69971345c117675094f5e424ca4ace10c8f116de
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99213736B19F46C0DB509F11E894AAD33A4FB48B80F914136CAAD43778DF39D549D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setKey@Memory@@SharedString@@@
                                                                                                                                                                                                                                                                    • String ID: BJ1$QSharedMemory$setKey$setKey(self, key: Optional[str])
                                                                                                                                                                                                                                                                    • API String ID: 2879159909-1527601641
                                                                                                                                                                                                                                                                    • Opcode ID: 215513b3601d079f553af05ed6af6ede933a721695f8e4ad065bb73493a99b63
                                                                                                                                                                                                                                                                    • Instruction ID: da465d6d9fa699f6b8e607423be5d91ec438068c1255a55f7574815ddd305161
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 215513b3601d079f553af05ed6af6ede933a721695f8e4ad065bb73493a99b63
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C213436B19F46C0DB108F15E898AAD33A4FB89B80F914132CAAD437B8DF39D549D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setScheme@String@@@Url@@
                                                                                                                                                                                                                                                                    • String ID: BJ1$QUrl$setScheme$setScheme(self, scheme: Optional[str])
                                                                                                                                                                                                                                                                    • API String ID: 1539785516-1258673081
                                                                                                                                                                                                                                                                    • Opcode ID: 8e27ab241da9db4a0c4d47cfe5d484f60e9043e4d19532c7141a63b882a7009d
                                                                                                                                                                                                                                                                    • Instruction ID: e4e8d5bb4b67d9c113997ea97a8b5c92c800be8c602d4ec606a09b8abf393cc7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e27ab241da9db4a0c4d47cfe5d484f60e9043e4d19532c7141a63b882a7009d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38213436B09F46C0DB508F15E894AAD33A4FB88B80F914136CAAD437B8EF39D549D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ??IQRect@@QEBA?AV0@AEBV0@@Z.QT5CORE ref: 00007FFDFAEE2F61
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Rect@@V0@@malloc
                                                                                                                                                                                                                                                                    • String ID: BJ9$QRect$intersected$intersected(self, other: QRect) -> QRect
                                                                                                                                                                                                                                                                    • API String ID: 1599582592-697700220
                                                                                                                                                                                                                                                                    • Opcode ID: 5cf81fbb1301b55c8cd19c5905a99dfb616281abed54947396580f0fe0fd20d4
                                                                                                                                                                                                                                                                    • Instruction ID: bec2248c59531cbd6e41fde8def1e0c8ab9d875898b9f19a4c1c0178943a1a2d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5cf81fbb1301b55c8cd19c5905a99dfb616281abed54947396580f0fe0fd20d4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE113636B09F47C1DB009B11E8A8AA933A4FB89B84F550036DAAE037A8DE79D549D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?setInitialState@QState@@QEAAXPEAVQAbstractState@@@Z.QT5CORE ref: 00007FFDFAEE731E
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setAbstractInitialState@State@@State@@@
                                                                                                                                                                                                                                                                    • String ID: B@J8$QState$setInitialState$setInitialState(self, state: Optional[QAbstractState])
                                                                                                                                                                                                                                                                    • API String ID: 3397155965-1511952636
                                                                                                                                                                                                                                                                    • Opcode ID: 47d4d149286ae0455b6b174a33e3c933dd673cdd0c58ad3dd424f120eedda46a
                                                                                                                                                                                                                                                                    • Instruction ID: 7749913b6ac4469b4b6e247c1f4ea7953d5501dd66c0f6228a48f3e0990a095b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 47d4d149286ae0455b6b174a33e3c933dd673cdd0c58ad3dd424f120eedda46a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D212436B19F47C1DB008F15E8A8AA933A4FB89B80F914132CAAD437B8DF39D549D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ??UQRect@@QEBA?AV0@AEBV0@@Z.QT5CORE ref: 00007FFDFAEE3401
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Rect@@V0@@malloc
                                                                                                                                                                                                                                                                    • String ID: BJ9$QRect$united$united(self, r: QRect) -> QRect
                                                                                                                                                                                                                                                                    • API String ID: 1599582592-3335640893
                                                                                                                                                                                                                                                                    • Opcode ID: 8d88d047596a2e3ab92fb89b11f0bc1f0fb8df15d4eddefb037f542a4987a6bc
                                                                                                                                                                                                                                                                    • Instruction ID: 6973b870709aa50fe5e980f7e2e946503aad2116ae9732d487f69b64cf119a1b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d88d047596a2e3ab92fb89b11f0bc1f0fb8df15d4eddefb037f542a4987a6bc
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E0113636B09F47C1DB009B15E8A8AA933A4FB89B80F550036DAAE037A8DF79D549D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?setErrorState@QState@@QEAAXPEAVQAbstractState@@@Z.QT5CORE ref: 00007FFDFAEE5FDE
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setAbstractErrorState@State@@State@@@
                                                                                                                                                                                                                                                                    • String ID: B@J8$QState$setErrorState$setErrorState(self, state: Optional[QAbstractState])
                                                                                                                                                                                                                                                                    • API String ID: 1594996261-1045356368
                                                                                                                                                                                                                                                                    • Opcode ID: 0a08dae1a15707abeafdc996a961eba36f9707ad0ae3f943db69262ac773425c
                                                                                                                                                                                                                                                                    • Instruction ID: 31fee0216e2de1641f1bd0138ce934b3eac728c04344a523411345368954135e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a08dae1a15707abeafdc996a961eba36f9707ad0ae3f943db69262ac773425c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D213336B09F47C1DB408F14E8A8AA833A4FB89B94F914132CAAD037B8DF39C549D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Notifier@@Socket$?socket@?type@Type@1@
                                                                                                                                                                                                                                                                    • String ID: QSharedMemory$data$data(self) -> PyQt5.sip.voidptr
                                                                                                                                                                                                                                                                    • API String ID: 1774015921-2872677332
                                                                                                                                                                                                                                                                    • Opcode ID: fbbfa27fac6066759ca721496affc31754acfa06f632b3fe92f8f28f4351def7
                                                                                                                                                                                                                                                                    • Instruction ID: a53b1dc562868ad1b9db3ca71c37fd805df8bd876abeb3aeffd67446af6eeb9c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fbbfa27fac6066759ca721496affc31754acfa06f632b3fe92f8f28f4351def7
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 75110436B19B86C1DB008F11E898AA973A4FB89B85F950032DAAE43778CF7DD559D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Notifier@@Socket$?socket@?type@Type@1@
                                                                                                                                                                                                                                                                    • String ID: QSharedMemory$constData$constData(self) -> PyQt5.sip.voidptr
                                                                                                                                                                                                                                                                    • API String ID: 1774015921-2258032849
                                                                                                                                                                                                                                                                    • Opcode ID: 5c9461f0f0a024b663d75f415a2e73cbca8676443a89250cb72944a82a585b9e
                                                                                                                                                                                                                                                                    • Instruction ID: 57b6a1b388638f9e8a4e227855712bc6a59e74faf4ba8be8c871eb634f25548b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5c9461f0f0a024b663d75f415a2e73cbca8676443a89250cb72944a82a585b9e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC114636B09F86C1DB008F11E858AA973A4FB89B85F840032DAAE03B78CF7DD559D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?removeTransition@QState@@QEAAXPEAVQAbstractTransition@@@Z.QT5CORE ref: 00007FFDFAEE6AE3
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?removeAbstractState@@Transition@Transition@@@
                                                                                                                                                                                                                                                                    • String ID: BJ<$QState$removeTransition$removeTransition(self, transition: Optional[QAbstractTransition])
                                                                                                                                                                                                                                                                    • API String ID: 3089790475-913699418
                                                                                                                                                                                                                                                                    • Opcode ID: d778126c285b13c198a95ffca038e9c03928f4ea45bf15998893e55699697e94
                                                                                                                                                                                                                                                                    • Instruction ID: ab2b3e9efb10d4c57bd59c241b5f48b042492d3092d72a031ecd9b0e25d35108
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d778126c285b13c198a95ffca038e9c03928f4ea45bf15998893e55699697e94
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2911E336B19E47C1EB009F15E8A8AA833A5FB49B85F914132CA6D033B8DF7DD959D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?moveBottomLeft@Point@@@Rect@@
                                                                                                                                                                                                                                                                    • String ID: BJ9$QRect$moveBottomLeft$moveBottomLeft(self, p: QPoint)
                                                                                                                                                                                                                                                                    • API String ID: 3139187651-3488173680
                                                                                                                                                                                                                                                                    • Opcode ID: 21ac8a679de02a381fd84684e7989de4db07a2926c100d4b3799d560e6f5aff8
                                                                                                                                                                                                                                                                    • Instruction ID: 7564a1e17e086995ab60fa1820c96038d617934eecc89010c5273715857324f0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 21ac8a679de02a381fd84684e7989de4db07a2926c100d4b3799d560e6f5aff8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA111336B19E47C1EB008B14E898AA833A5FB49B84F910132CA6D033B8CF39D94AD740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?setEventDispatcher@QThread@@QEAAXPEAVQAbstractEventDispatcher@@@Z.QT5CORE ref: 00007FFDFAEE1473
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Event$?setAbstractDispatcher@Dispatcher@@@Thread@@
                                                                                                                                                                                                                                                                    • String ID: BJ:$QThread$setEventDispatcher$setEventDispatcher(self, eventDispatcher: Optional[QAbstractEventDispatcher])
                                                                                                                                                                                                                                                                    • API String ID: 227301746-2164048177
                                                                                                                                                                                                                                                                    • Opcode ID: f7b8f5d4625813e1cc697f886dba3810b39e796bce37929901c17c578cecf957
                                                                                                                                                                                                                                                                    • Instruction ID: a9e8d84a59a9a826b46a02d0dee6cf032544c5b9532d9c3e47e8f445961046db
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f7b8f5d4625813e1cc697f886dba3810b39e796bce37929901c17c578cecf957
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24111336B19E47C0EB009F14E898AA833A5FB49B80F914032CA6D033B8DF39D949D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?moveLeft@Point@@@Rect@@
                                                                                                                                                                                                                                                                    • String ID: BJ9$QRect$moveTopLeft$moveTopLeft(self, p: QPoint)
                                                                                                                                                                                                                                                                    • API String ID: 3141919530-3475638791
                                                                                                                                                                                                                                                                    • Opcode ID: ad82b951e4060b1587f8fd02e71b9aee0c2d455b496e2a6c6c2f3b4af17f2bcf
                                                                                                                                                                                                                                                                    • Instruction ID: d2cfe8025a19903445986d2483ad9625fad87b9ede0c124c68d65707fa8a2138
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad82b951e4060b1587f8fd02e71b9aee0c2d455b496e2a6c6c2f3b4af17f2bcf
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE111636B09E47C1EB00CB15E894AA833A5FB45B80F510132CA6D033B8DF7DD94AD740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2443885073.00007FFDFAED0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444084452.00007FFDFB024000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444183874.00007FFDFB0C0000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444206500.00007FFDFB0C7000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444268297.00007FFDFB0C8000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444289251.00007FFDFB0C9000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444352481.00007FFDFB0DA000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444373125.00007FFDFB0DC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444431949.00007FFDFB0DF000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444456233.00007FFDFB0F3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444510934.00007FFDFB100000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444531037.00007FFDFB105000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444589322.00007FFDFB107000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444608320.00007FFDFB108000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444626694.00007FFDFB10B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setRect@@Size@Size@@@
                                                                                                                                                                                                                                                                    • String ID: BJ9$QRect$setSize$setSize(self, s: QSize)
                                                                                                                                                                                                                                                                    • API String ID: 789707759-2282474035
                                                                                                                                                                                                                                                                    • Opcode ID: e736ed8f3448aab8f3ea225c87f4980cea0a1f0a539838b29fcf7a3fafe05456
                                                                                                                                                                                                                                                                    • Instruction ID: 85df8557a35feb7cf3c81178f20f7bd696dfbc345c5c5ba30f2b6b7c01761fbf
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e736ed8f3448aab8f3ea225c87f4980cea0a1f0a539838b29fcf7a3fafe05456
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 33111336B09E47C1DB009F14E8A8AA933A5FB49B85F910032DA6D033B8CF79D54AD740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?moveBottomPoint@@@Rect@@Right@
                                                                                                                                                                                                                                                                    • String ID: BJ9$QRect$moveBottomRight$moveBottomRight(self, p: QPoint)
                                                                                                                                                                                                                                                                    • API String ID: 805675716-3729922850
                                                                                                                                                                                                                                                                    • Opcode ID: 1f60786cd5261c443a0bd21839509612d9e842100832f39196e8a3be89c76d31
                                                                                                                                                                                                                                                                    • Instruction ID: 0d4c9de0ca8bf3a95b8abfb7fedd780e0a08992a2347cb60f9a7242f2f917c1a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f60786cd5261c443a0bd21839509612d9e842100832f39196e8a3be89c76d31
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5111636B19E47C0DB009F15E8A4AA833A5FB45B84F910032CA6D433B8DF79D94AD740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?addState@QStateMachine@@QEAAXPEAVQAbstractState@@@Z.QT5CORE ref: 00007FFDFAED7533
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?addAbstractMachine@@StateState@State@@@
                                                                                                                                                                                                                                                                    • String ID: BJ:$QStateMachine$addState$addState(self, state: Optional[QAbstractState])
                                                                                                                                                                                                                                                                    • API String ID: 2756714010-2175752043
                                                                                                                                                                                                                                                                    • Opcode ID: 9f67c254eb720f49babef7680d13de4b4938d656f4ca7d5f39f322284fc9e3ad
                                                                                                                                                                                                                                                                    • Instruction ID: 309e4c7e64f3ad6ea62932c4d0fcb236d885072bd9102bf9ffc10cd32418c9e2
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9f67c254eb720f49babef7680d13de4b4938d656f4ca7d5f39f322284fc9e3ad
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E011E336B1AF47C1DB009F15E8A8AA933A5FB49B85F924032CA6D033B8DF79D559D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?cancelBool_DelayedEvent@FromLongMachine@@State
                                                                                                                                                                                                                                                                    • String ID: QStateMachine$cancelDelayedEvent$cancelDelayedEvent(self, id: int) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 1734009680-3493951477
                                                                                                                                                                                                                                                                    • Opcode ID: 5495c24268dced0f85bee10e9523c951c359b6f122021a848e078d545b6892bc
                                                                                                                                                                                                                                                                    • Instruction ID: c06aa5f68d30207aaa78f32526589c28e9545505b66035d2294136a0dc9ef9fd
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5495c24268dced0f85bee10e9523c951c359b6f122021a848e078d545b6892bc
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF01F736B19E47D1DB009F14E8A8AA933A4FB45B45F914132CAAD037B8CF3DD959D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?hasBool_Fragment@FromLongUrl@@
                                                                                                                                                                                                                                                                    • String ID: QUrl$hasFragment$hasFragment(self) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 3174451482-1644185692
                                                                                                                                                                                                                                                                    • Opcode ID: 696e3ce98e058826d994f41a9e989073bc006dc575eb2667f6e30c6a1b41ea1e
                                                                                                                                                                                                                                                                    • Instruction ID: cf78dbc6b56f12a9671e2e14f0338569ac3995c63fdf22101c741a02ea319def
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 696e3ce98e058826d994f41a9e989073bc006dc575eb2667f6e30c6a1b41ea1e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A5014826B09A47C1DB009F54E8A8AA833A4FB44785F910032CA6D033B8DE7CD649D380
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?senderFromIndex@LongLong_Object@@Signal
                                                                                                                                                                                                                                                                    • String ID: QPauseAnimation$senderSignalIndex$senderSignalIndex(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 2462028585-4090366940
                                                                                                                                                                                                                                                                    • Opcode ID: 8a72497b805f0ab43db5894c3fc0a628c01d83c192974a87e9114d6fa02c1165
                                                                                                                                                                                                                                                                    • Instruction ID: 046ec7f0917a05049face43a886bf95f1a46b402e3853fa869bffceb0179105a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a72497b805f0ab43db5894c3fc0a628c01d83c192974a87e9114d6fa02c1165
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6011A36B09E47C1EB009F60E868AA833A4FB84B45F910072CA6E437B8DF7DD649D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?autoBool_DetectFromLongStream@@TextUnicode@
                                                                                                                                                                                                                                                                    • String ID: QTextStream$autoDetectUnicode$autoDetectUnicode(self) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 2148047754-2942617185
                                                                                                                                                                                                                                                                    • Opcode ID: 2f40fb31d63f67a5ab32d28cabdc3801a3b301ef79df3f872b81d09a68f32a39
                                                                                                                                                                                                                                                                    • Instruction ID: 0edc08c9df2b01ae403bc5d036e49e28e6af619beb53e53e6b7ff9872f14c5e3
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f40fb31d63f67a5ab32d28cabdc3801a3b301ef79df3f872b81d09a68f32a39
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD011A31B09E47C1DB009F61E8A8AA933A4FB45B86F914032CA6D033B8DF7DD649D780
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?unlock@Bool_FromLongMemory@@Shared
                                                                                                                                                                                                                                                                    • String ID: QSharedMemory$unlock$unlock(self) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 3554379945-999565410
                                                                                                                                                                                                                                                                    • Opcode ID: 64000c93ab85debd139dbf42255aa04399e7404bbc60058cc96d9f8a575ca53a
                                                                                                                                                                                                                                                                    • Instruction ID: d93c460d2ac30498e31608195f9675db402385637e02608bc4fd2f40eb05f9bc
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64000c93ab85debd139dbf42255aa04399e7404bbc60058cc96d9f8a575ca53a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29011A36B09A47D1DB009F64E868AA833A4FB45785F910032CAAD037B8CF7DD659D380
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?loopFromLevel@LongLong_Thread@@
                                                                                                                                                                                                                                                                    • String ID: QThread$loopLevel$loopLevel(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 66751864-3005684586
                                                                                                                                                                                                                                                                    • Opcode ID: 3dddf7a58927ec27dcb16ff6027bada76369e1844394f26d1a25a70ec47c6226
                                                                                                                                                                                                                                                                    • Instruction ID: 3dfaf2241f7fe0bb1a8f34ebf7c847a702f14c3791611565b1b15eceb168c901
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3dddf7a58927ec27dcb16ff6027bada76369e1844394f26d1a25a70ec47c6226
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9011A36B09A47C1DB009F60E868AA933A4FB84745F914032CE6D437B8DF7DDA59D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?senderFromIndex@LongLong_Object@@Signal
                                                                                                                                                                                                                                                                    • String ID: QParallelAnimationGroup$senderSignalIndex$senderSignalIndex(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 2462028585-2672445950
                                                                                                                                                                                                                                                                    • Opcode ID: 54456373c4c23e8b7f43b77d0a9f909f19a97da1f5d128d8d96d7556ba940074
                                                                                                                                                                                                                                                                    • Instruction ID: 399949928416f93a70d0735b42efd8e409b8402f0e128feee46fb7b03a6eb399
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 54456373c4c23e8b7f43b77d0a9f909f19a97da1f5d128d8d96d7556ba940074
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51010C36B09A47C1DB009F60E858AA833A4FB44745F914032CA6D437B8DF7DD54AD340
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?senderFromIndex@LongLong_Object@@Signal
                                                                                                                                                                                                                                                                    • String ID: QStateMachine$senderSignalIndex$senderSignalIndex(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 2462028585-3725516849
                                                                                                                                                                                                                                                                    • Opcode ID: fe336b57200f8a0220256d0f8702e13283a46331d4600fcae9d07c75c0470f31
                                                                                                                                                                                                                                                                    • Instruction ID: f2e9bd89d0302ec4ceff60762868d53dea4172631ab49a10cef3ba7de774963d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe336b57200f8a0220256d0f8702e13283a46331d4600fcae9d07c75c0470f31
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B011A36B09A47C1DB009F60E868AA833A4FB85B45F910072CA6D437B8DF7DDA59D340
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?expiryFromLongLong_Pool@@ThreadTimeout@
                                                                                                                                                                                                                                                                    • String ID: QThreadPool$expiryTimeout$expiryTimeout(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 2886743871-367617588
                                                                                                                                                                                                                                                                    • Opcode ID: 9059aed6f313a9b24eb2d8968d57245ebd742049e65789f63e870932c163931e
                                                                                                                                                                                                                                                                    • Instruction ID: 359890e577347d0b08c2e6dfb1354b2a49c42670424ac31838962d0ab77759b2
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9059aed6f313a9b24eb2d8968d57245ebd742049e65789f63e870932c163931e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58010835B09A47D1DB009F61E868AA833A4FB45745F910032CA6D437B8DF7DD649D780
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLongMachine@@Running@State
                                                                                                                                                                                                                                                                    • String ID: QStateMachine$isRunning$isRunning(self) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 547970032-2361301126
                                                                                                                                                                                                                                                                    • Opcode ID: 9ce15be13115e4b91770afdd9d6c426855d8e7d74ff806002a569a64eb0d9fc9
                                                                                                                                                                                                                                                                    • Instruction ID: e1da6b94f051242f5dc7b95d86004df5ed8704b4bff39439151495cbb6d98b3c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9ce15be13115e4b91770afdd9d6c426855d8e7d74ff806002a569a64eb0d9fc9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4012C72B09E87D1DB009F60E868AA833A4FB45785F914072CAAD437B8CF7DD649D380
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLongSettings@@Writable@
                                                                                                                                                                                                                                                                    • String ID: QSettings$isWritable$isWritable(self) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 3231351940-2951255255
                                                                                                                                                                                                                                                                    • Opcode ID: 41c4aef55763d6c32a9c8bad1a16ad51a29c414b9bbdd7f530d528840423b75c
                                                                                                                                                                                                                                                                    • Instruction ID: 526ff3139cc2dfc3eb41be0d80973992081598d204eb345a25f33f7fbbfa1b3b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 41c4aef55763d6c32a9c8bad1a16ad51a29c414b9bbdd7f530d528840423b75c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E011E36B09A47D1DB009F54E8A8AA833A4FB44B85F910072CA6D037B8CF7DD649D380
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?hasBool_FromLongQuery@Url@@
                                                                                                                                                                                                                                                                    • String ID: QUrl$hasQuery$hasQuery(self) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 3932017455-3597917966
                                                                                                                                                                                                                                                                    • Opcode ID: 38dc3ea43b8a5eb8084a83ceabfdba8b2272d925c779bf0bfddf4a44c7f79958
                                                                                                                                                                                                                                                                    • Instruction ID: a8c6423cb3ac2cb7aaa27e730710f8aab67e89bc37982bc2d1831f23bca1b480
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 38dc3ea43b8a5eb8084a83ceabfdba8b2272d925c779bf0bfddf4a44c7f79958
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88011A35B09A47D1DB009F55E8A8AA833A4FB44B85F910072CA6D033B8CF7DD659D380
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?senderFromIndex@LongLong_Object@@Signal
                                                                                                                                                                                                                                                                    • String ID: QState$senderSignalIndex$senderSignalIndex(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 2462028585-1143053432
                                                                                                                                                                                                                                                                    • Opcode ID: 4b9330cf6e0ea4934fc17e3d6ff70589cafa866ab1de00a688fb2d8b55ca4d3a
                                                                                                                                                                                                                                                                    • Instruction ID: 923229e206e191bb9dc813162dbdd5ed057586e820266eac05f46ef4b35b5381
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b9330cf6e0ea4934fc17e3d6ff70589cafa866ab1de00a688fb2d8b55ca4d3a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE011A36B09A47C1EB009F60E868AA833A4FB45B45F910032CA6D437B8DF7DD60AD340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444608320.00007FFDFB108000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444626694.00007FFDFB10B000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLongUrl@@Valid@
                                                                                                                                                                                                                                                                    • String ID: QUrl$isValid$isValid(self) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 972525317-3474333081
                                                                                                                                                                                                                                                                    • Opcode ID: dd0a4fdb03bfcc9f388581ace1bff5a639c421e4a60be03b4a38d5614ed9323e
                                                                                                                                                                                                                                                                    • Instruction ID: 3985e99329e1bbe3ffa232923badf9c17867951666af9e0fb5defac2d70432f2
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dd0a4fdb03bfcc9f388581ace1bff5a639c421e4a60be03b4a38d5614ed9323e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2011A36B09A47D1DB009F64E8A8AA933A4FB44785F910072CA6D437B8DF7DD659D380
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?senderFromIndex@LongLong_Object@@Signal
                                                                                                                                                                                                                                                                    • String ID: QThread$senderSignalIndex$senderSignalIndex(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 2462028585-2126783021
                                                                                                                                                                                                                                                                    • Opcode ID: 7e38b870d4419a2f847062f43fba345b83544f665e2a60985f8119ab3f7a0f56
                                                                                                                                                                                                                                                                    • Instruction ID: edecbee545ce9dece34f22e5d253daa3f55a2791dc962bd1ec165640eb138640
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e38b870d4419a2f847062f43fba345b83544f665e2a60985f8119ab3f7a0f56
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D5011A36B09A47D1DB009F60E868AA833A4FB44B45F914072CE6D437B8DF7DD649D340
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?senderFromIndex@LongLong_Object@@Signal
                                                                                                                                                                                                                                                                    • String ID: QSharedMemory$senderSignalIndex$senderSignalIndex(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 2462028585-3249757643
                                                                                                                                                                                                                                                                    • Opcode ID: 1e35b6deb5477b1db973f0badfb304a1c9e2af95719ae7ae69bc1a466c3f0a13
                                                                                                                                                                                                                                                                    • Instruction ID: 96868498d8ad8fad38d76f693b3474fe756bcd4496695fbcc70e6f479d5c549d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e35b6deb5477b1db973f0badfb304a1c9e2af95719ae7ae69bc1a466c3f0a13
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8011A36B09E47D1DB009F60E868AA933A4FB45B85F950032CA6E437B8DF7DD659D340
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?stackFromLongLong_Size@Thread@@Unsigned
                                                                                                                                                                                                                                                                    • String ID: QThread$stackSize$stackSize(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 1370820603-1922733665
                                                                                                                                                                                                                                                                    • Opcode ID: 7a225d8550ccb6b45918dafa768becc233deb43656d0c474fd54aed54243bfd2
                                                                                                                                                                                                                                                                    • Instruction ID: 338be80b07e0674af44712809643084de1855eac17bff108158f3f20ff0d139f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7a225d8550ccb6b45918dafa768becc233deb43656d0c474fd54aed54243bfd2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E010825B09A47D1DB009F60E868AA833A4FB84785F914032CA6D437B8DF7DD649D380
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Attached@Bool_FromLongMemory@@Shared
                                                                                                                                                                                                                                                                    • String ID: QSharedMemory$isAttached$isAttached(self) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 3715673266-3922254435
                                                                                                                                                                                                                                                                    • Opcode ID: c8b58b5009a4c17636c03e2a986d75669208f49abf2360fba904e6aba192514c
                                                                                                                                                                                                                                                                    • Instruction ID: 247ed884ccdf430baad4641d0015f85168e9892d8c68fcc189bd717b265ac51c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c8b58b5009a4c17636c03e2a986d75669208f49abf2360fba904e6aba192514c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A1010826F09A87D1DB009F50E868AA833A4FB45B85F914032CAAD436B8CF7DD659D380
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?lock@Bool_FromLongMemory@@Shared
                                                                                                                                                                                                                                                                    • String ID: QSharedMemory$lock$lock(self) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 3374525948-2846163386
                                                                                                                                                                                                                                                                    • Opcode ID: 745a1300ad5758a44ec04d425b48708c6ce26fe4cefdab209a6ea2adf003c938
                                                                                                                                                                                                                                                                    • Instruction ID: 896bf7cc14d455bbe4b979672f047b25beb3c15eb3cd47cd968ece0d72de0ddb
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 745a1300ad5758a44ec04d425b48708c6ce26fe4cefdab209a6ea2adf003c938
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E011A36F09A47D1DB009F51E868AA833A4FB85B85F910032CAAD037B8CF7DD659D380
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?stackFromLongLong_Pool@@Size@ThreadUnsigned
                                                                                                                                                                                                                                                                    • String ID: QThreadPool$stackSize$stackSize(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 4254537568-2414511850
                                                                                                                                                                                                                                                                    • Opcode ID: 639826e6ef8cce809074f753df3520ba45d3b9523f31bfdc54f78c4915906b71
                                                                                                                                                                                                                                                                    • Instruction ID: 17f27f1d5f0de2ca47666c543a8f51dbfa4012d2a7a8f0acf23b540fc996d2b1
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 639826e6ef8cce809074f753df3520ba45d3b9523f31bfdc54f78c4915906b71
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3011A35B09E47C1DB009F61E8A8AA833A4FB85745F954032CA6D437B8DF7DD649D780
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromInterruptionLongRequested@Thread@@
                                                                                                                                                                                                                                                                    • String ID: QThread$isInterruptionRequested$isInterruptionRequested(self) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 3359754098-1522960180
                                                                                                                                                                                                                                                                    • Opcode ID: 7ec4389a59921b50ba86889ee17811045d2f90efb9e8ff98a18b99679707e785
                                                                                                                                                                                                                                                                    • Instruction ID: 34e21d28bf6cba8716a3c47991f2e71dd31c8c7a177725315878deeb41515c53
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ec4389a59921b50ba86889ee17811045d2f90efb9e8ff98a18b99679707e785
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28010821B09E47D1EB009F50E8A8AA833A4FB84745F914132CE6D432B8CF7DD959D380
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Animated@Bool_FromLongMachine@@State
                                                                                                                                                                                                                                                                    • String ID: QStateMachine$isAnimated$isAnimated(self) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 4125131123-917333823
                                                                                                                                                                                                                                                                    • Opcode ID: a73eccbe9acac8834bc9e9c7b842307d0f269410a58fc0e091f59af42d3f7ab3
                                                                                                                                                                                                                                                                    • Instruction ID: 1d04d9dacee4d5794165f9c7239bd5c0fef0c8d8bbe57cd8d78dbfb9b018e73c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a73eccbe9acac8834bc9e9c7b842307d0f269410a58fc0e091f59af42d3f7ab3
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 85012C36B09E87D1DB009F54E868AA933A4FB45785F914032CAAD437B8CF7DD649D380
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?idealCount@FromLongLong_ThreadThread@@
                                                                                                                                                                                                                                                                    • String ID: QThread$idealThreadCount$idealThreadCount() -> int
                                                                                                                                                                                                                                                                    • API String ID: 2973730048-4279018204
                                                                                                                                                                                                                                                                    • Opcode ID: 38e4ddef0e2f812fa89b6e709ccb3d1ce7ac70d795ec77d67af84a89a21ccbd5
                                                                                                                                                                                                                                                                    • Instruction ID: 90daece3b6d8d427724a532f300bacf47bd2eac2020cdedb781d807a8f5f5515
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 38e4ddef0e2f812fa89b6e709ccb3d1ce7ac70d795ec77d67af84a89a21ccbd5
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05F03025F0AA47C2EF009B51E8647A82360FF86746F844032CA5E43AB8DF3CD149E740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: SubtypeType_$LongLong_
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1089920808-0
                                                                                                                                                                                                                                                                    • Opcode ID: fbae2c534efb0721331b20538c3b56debfc77d931db89caab2c252fd19e120dc
                                                                                                                                                                                                                                                                    • Instruction ID: 7ee1f6d812aa2adf3bd022767b4d6d2b85b6366e16ccaa374e5aeea2e243f029
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fbae2c534efb0721331b20538c3b56debfc77d931db89caab2c252fd19e120dc
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86315965B09B4381EB149B12E860A3967A5FF89FC1F444472CEAE83BF8EE7DD4419300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: List_Locale@@$DeallocItemV0@@malloc
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1709696411-0
                                                                                                                                                                                                                                                                    • Opcode ID: b1113272d81c0183ba51def47a01427f9dc9eeed256ba09c810091f15c46c88d
                                                                                                                                                                                                                                                                    • Instruction ID: cffe895f2a0bf281c17330fb09584a8a652306c0794bc4cc4f7f5bdef6746e5d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b1113272d81c0183ba51def47a01427f9dc9eeed256ba09c810091f15c46c88d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AC219332B09A4285DB589F66E4A0A3D67A0FF89FD1F088434CE5E437A8DE3DD4458300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: List_$DeallocExpression@@ItemRegularUrl@@V0@@malloc
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3503659260-0
                                                                                                                                                                                                                                                                    • Opcode ID: a038f0d23203ef3a52f42cd9c264d0662ac2fcc205fb362b331adb08faaddef8
                                                                                                                                                                                                                                                                    • Instruction ID: f5deb5affe0ac8a8517024bb3e14952d2996411480a45f1af67cd5e87cf68338
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a038f0d23203ef3a52f42cd9c264d0662ac2fcc205fb362b331adb08faaddef8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A7219332B19A4286DB589F56E4A053D77A1FB89FD1F088434CE5E437A8DE3DD4448300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444608320.00007FFDFB108000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444626694.00007FFDFB10B000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: List_$CommandDeallocExpression@@ItemLineOption@@RegularV0@@malloc
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1827271791-0
                                                                                                                                                                                                                                                                    • Opcode ID: 30eefeba0b3c0bdafabc67f319b14328fa3c0622a2e7da1d48cc7dfa985a11f9
                                                                                                                                                                                                                                                                    • Instruction ID: 0b01d9cb7762ad2a003ac1739370836cf6201577aaf690ed0233aa0088d5022b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 30eefeba0b3c0bdafabc67f319b14328fa3c0622a2e7da1d48cc7dfa985a11f9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58217F32705A8285EB58AF56E4A053D77A1FB89FD1F09C434CE5E437A8DE3DE4459700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Eval_Object@@ThreadThread@@$?current?delete?thread@Later@RestoreSaveThread@
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1463984485-0
                                                                                                                                                                                                                                                                    • Opcode ID: fb55625ccefa6178516239f25549211cf53385c6e03f9f7aeca877eb2202bbd5
                                                                                                                                                                                                                                                                    • Instruction ID: 87ff915ace10d38e2394df00978739b65433143fcf45535ad2e958a068b6e9b3
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fb55625ccefa6178516239f25549211cf53385c6e03f9f7aeca877eb2202bbd5
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6411DA26B19B47C2EF489B16A5646786364FB99FC1F081171DEAF03BA8CF3DE4499300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ??0QSharedMemory@@QEAA@PEAVQObject@@@Z.QT5CORE ref: 00007FFDFAEDED81
                                                                                                                                                                                                                                                                    • ??0QSharedMemory@@QEAA@AEBVQString@@PEAVQObject@@@Z.QT5CORE ref: 00007FFDFAEDEE3F
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Memory@@Object@@@Shared$String@@malloc
                                                                                                                                                                                                                                                                    • String ID: J1|JH$|JH
                                                                                                                                                                                                                                                                    • API String ID: 3758290914-158370169
                                                                                                                                                                                                                                                                    • Opcode ID: 56e62458970afb48cd24e612ae7026a111b9e3ed0c1d77d674ba0c27b786a48c
                                                                                                                                                                                                                                                                    • Instruction ID: 4b71433a20c337dcd242287e453a8ed5a53dd1b26eee757931bdcc8dc80df9d5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56e62458970afb48cd24e612ae7026a111b9e3ed0c1d77d674ba0c27b786a48c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D41573671AB82C5DB408F22F854A5D73A8FB89B80F540136EEAD43BA8DF38D555CB40
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ??0QState@@QEAA@PEAV0@@Z.QT5CORE ref: 00007FFDFAEEA9C0
                                                                                                                                                                                                                                                                    • ??0QState@@QEAA@W4ChildMode@0@PEAV0@@Z.QT5CORE ref: 00007FFDFAEEAA6F
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444626694.00007FFDFB10B000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: State@@V0@@$ChildMode@0@malloc
                                                                                                                                                                                                                                                                    • String ID: E|JH$|JH
                                                                                                                                                                                                                                                                    • API String ID: 918074669-3925693517
                                                                                                                                                                                                                                                                    • Opcode ID: 5b9f5ab46dba5987c36a7897e52f06bfee36c7fde9d10242540e41e5a9d43933
                                                                                                                                                                                                                                                                    • Instruction ID: de561e4334febbfbfcfda6a67496fd5230584273e566384bef9e5f686a8dd495
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5b9f5ab46dba5987c36a7897e52f06bfee36c7fde9d10242540e41e5a9d43933
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1041583670AF8689DB508F11F894A9D73A8F749B80F15013ADEAD43BA8DF38E514C740
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ClearDeallocErr_SubtypeType_
                                                                                                                                                                                                                                                                    • String ID: 1J1
                                                                                                                                                                                                                                                                    • API String ID: 3120778283-2174808320
                                                                                                                                                                                                                                                                    • Opcode ID: 10fff8fc030bbff2c55ac6b578970cd13505c32c779623b801f1f0ee7ad205ff
                                                                                                                                                                                                                                                                    • Instruction ID: 33b17163268a09a7442f1263c620e66a336f8105ef07d70259578ceafb959575
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10fff8fc030bbff2c55ac6b578970cd13505c32c779623b801f1f0ee7ad205ff
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D313E36B09B4782DB418B16E8A096973A0FF89B95F444132DE9E43BB8DF3CE495D700
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?compare@Bool_FromLongOperatingSystemV1@0@Version@@
                                                                                                                                                                                                                                                                    • String ID: 1J9
                                                                                                                                                                                                                                                                    • API String ID: 980361540-2407233842
                                                                                                                                                                                                                                                                    • Opcode ID: ad387b07af03210842bd2f6cbb911287cbb7e53302a5a37c08104fd6d8f9ec36
                                                                                                                                                                                                                                                                    • Instruction ID: dbc9e1387f6dbe3bf39281e9a9168b1f67221e559d9d0cd17e29c6147832f5d5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad387b07af03210842bd2f6cbb911287cbb7e53302a5a37c08104fd6d8f9ec36
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E0215A26B0AB4282EB019B55E8505B973A1BF85BA5F094131DEAE03BE8DF3CE495D700
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?compare@Bool_FromLongOperatingSystemV1@0@Version@@
                                                                                                                                                                                                                                                                    • String ID: 1J9
                                                                                                                                                                                                                                                                    • API String ID: 980361540-2407233842
                                                                                                                                                                                                                                                                    • Opcode ID: 20dac76d91169341fb6298270fcdc53ca565ef8dca21e70468c316165f712822
                                                                                                                                                                                                                                                                    • Instruction ID: 546a5b6d01d7089cc1b75a0a763920e4465dab95bd645d47ac02996ecd63222e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 20dac76d91169341fb6298270fcdc53ca565ef8dca21e70468c316165f712822
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F216B36B0AB4382EB019B55E8505B963A0FF95B95F094131EEAE03BE8DF3CE495D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?compare@Bool_FromLongOperatingSystemV1@0@Version@@
                                                                                                                                                                                                                                                                    • String ID: 1J9
                                                                                                                                                                                                                                                                    • API String ID: 980361540-2407233842
                                                                                                                                                                                                                                                                    • Opcode ID: d5b944b3e832795dc3c772b8992f325ccb4a142e99f075cb483b2c1370401875
                                                                                                                                                                                                                                                                    • Instruction ID: b943ae87beceda008e7cfceba41903caaa4543d84117c9c366b6903e2d33f4a6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5b944b3e832795dc3c772b8992f325ccb4a142e99f075cb483b2c1370401875
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60216B76B0AB4282EB019B55E8605B973A0FF86B95F094031DE9D03BE8EF3CE495D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: QPauseAnimation$updateDirection$updateDirection(self, direction: QAbstractAnimation.Direction)
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-2056200342
                                                                                                                                                                                                                                                                    • Opcode ID: 7675bd772b41cb8ceda4a02c1fd7cc9346684fbed76ad8bdbebaa3f938d09dc6
                                                                                                                                                                                                                                                                    • Instruction ID: 28f57330cf0e657e627b380b292f4d3291b4b77ef2a46a9573ce447235a8ea44
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7675bd772b41cb8ceda4a02c1fd7cc9346684fbed76ad8bdbebaa3f938d09dc6
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79211936B09F47C2EB409B15E490A6973A4FB85B85F580132DA9E03BB8DF3DD145EB40
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?updateDirection@QParallelAnimationGroup@@MEAAXW4Direction@QAbstractAnimation@@@Z.QT5CORE ref: 00007FFDFAEE155A
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Direction@$?updateAbstractAnimationAnimation@@@Group@@Parallel
                                                                                                                                                                                                                                                                    • String ID: QParallelAnimationGroup$updateDirection$updateDirection(self, direction: QAbstractAnimation.Direction)
                                                                                                                                                                                                                                                                    • API String ID: 2739181516-847784089
                                                                                                                                                                                                                                                                    • Opcode ID: b8e52706c14d15497f93515dc2d74e14b3b18e8ee161eb768f2786e12e72889b
                                                                                                                                                                                                                                                                    • Instruction ID: 79a47b7b7eb905893d8a5d78f907a9c93ece458a6862ded325c88f792d15a3df
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8e52706c14d15497f93515dc2d74e14b3b18e8ee161eb768f2786e12e72889b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09210832B09B47C2EB409B15E894A6973A4FF85B85F540132DA9E43BB8DF3DD449D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?updateCurrentTime@QParallelAnimationGroup@@MEAAXH@Z.QT5CORE ref: 00007FFDFAEE0F7E
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?updateAnimationCurrentGroup@@ParallelTime@
                                                                                                                                                                                                                                                                    • String ID: QParallelAnimationGroup$updateCurrentTime$updateCurrentTime(self, currentTime: int)
                                                                                                                                                                                                                                                                    • API String ID: 2128186102-1622385939
                                                                                                                                                                                                                                                                    • Opcode ID: bb1d797ec3277e6eecb187da93bef32664495d387b6cdc075be04985b3a4a920
                                                                                                                                                                                                                                                                    • Instruction ID: c53cf1698a8a59e904dbea822ad1f740a77934d76271db2df5dd8e580f0a7580
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb1d797ec3277e6eecb187da93bef32664495d387b6cdc075be04985b3a4a920
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 11212A32B09B47C2EB00DB14E8A4AAA73A0FB85B85F040132DA9E43BB8DF3DD455D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Entry@Event@@@State@@
                                                                                                                                                                                                                                                                    • String ID: QPauseAnimation$updateCurrentTime$updateCurrentTime(self, a0: int)
                                                                                                                                                                                                                                                                    • API String ID: 1816429982-1140425771
                                                                                                                                                                                                                                                                    • Opcode ID: 9c7620c8331ef3c046330cf2d600421720ae86aa82920e529b0cb44ded1a7a9e
                                                                                                                                                                                                                                                                    • Instruction ID: c51029c6e9a7393334385e409484654b58a3dae5076c808266127752f67e2db3
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c7620c8331ef3c046330cf2d600421720ae86aa82920e529b0cb44ded1a7a9e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D213932B09B47C2EB409B15E860A6A73A4FB85B84F540132DA9E03BB8DF3DE149D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?fromLocalFile@QUrl@@SA?AV1@AEBVQString@@@Z.QT5CORE ref: 00007FFDFAEE330E
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?fromFile@LocalString@@@Url@@malloc
                                                                                                                                                                                                                                                                    • String ID: QUrl$fromLocalFile$fromLocalFile(localfile: Optional[str]) -> QUrl
                                                                                                                                                                                                                                                                    • API String ID: 411194680-871698720
                                                                                                                                                                                                                                                                    • Opcode ID: 90d090869414db2c2cdab01fa0555af02af1d441ae37a327cc18217c62e5e248
                                                                                                                                                                                                                                                                    • Instruction ID: 36158eb15d4ae319020ea204e426415cd2723803f497468fe978a51243ed6328
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 90d090869414db2c2cdab01fa0555af02af1d441ae37a327cc18217c62e5e248
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 81210E36B19B47C6DB409F15E8549AA73A0FB89B94F445136EA9E43BB8DF3CD108DB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?fromAce@QUrl@@SA?AVQString@@AEBVQByteArray@@@Z.QT5CORE ref: 00007FFDFAEE709E
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?fromAce@Array@@@ByteString@@Url@@malloc
                                                                                                                                                                                                                                                                    • String ID: QUrl$fromAce$fromAce(a0: Union[QByteArray, bytes, bytearray]) -> str
                                                                                                                                                                                                                                                                    • API String ID: 3223722236-2057277896
                                                                                                                                                                                                                                                                    • Opcode ID: b9cb1bdb038eee2446c49dd893d45a23c7f04298519e7f7df72ed7146fa03b94
                                                                                                                                                                                                                                                                    • Instruction ID: b90f316877247a729856ba4fb3feded593a4e23e07c9cf6cac7dbc91b66c818b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9cb1bdb038eee2446c49dd893d45a23c7f04298519e7f7df72ed7146fa03b94
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 27215436B19B43C6DB409F15E8605AA73A0FB8AB84F455136DA9D43B78DF3CD108D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?fromPercentEncoding@QUrl@@SA?AVQString@@AEBVQByteArray@@@Z.QT5CORE ref: 00007FFDFAEE5C2E
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?fromArray@@@ByteEncoding@PercentString@@Url@@malloc
                                                                                                                                                                                                                                                                    • String ID: QUrl$fromPercentEncoding$fromPercentEncoding(a0: Union[QByteArray, bytes, bytearray]) -> str
                                                                                                                                                                                                                                                                    • API String ID: 2623585163-1724481435
                                                                                                                                                                                                                                                                    • Opcode ID: 0d7da01dfc41ec4f02fcbefb83b145e331bd5b496b5d756da9fdbcc0008fa0b0
                                                                                                                                                                                                                                                                    • Instruction ID: 500071f8cf874d2016f16a40cfbfa9e430beb63e4bb1eb0818e42b18af942a5b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d7da01dfc41ec4f02fcbefb83b145e331bd5b496b5d756da9fdbcc0008fa0b0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D8215436B19B43C5DB409F15E8649AA73A0FB8A784F455036EA9E43BB8DF3CD104D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?toAce@QUrl@@SA?AVQByteArray@@AEBVQString@@@Z.QT5CORE ref: 00007FFDFAEE73EE
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Ace@Array@@ByteString@@@Url@@malloc
                                                                                                                                                                                                                                                                    • String ID: QUrl$toAce$toAce(a0: Optional[str]) -> QByteArray
                                                                                                                                                                                                                                                                    • API String ID: 1385197097-182540760
                                                                                                                                                                                                                                                                    • Opcode ID: 2d77f34cbbaaacc53a2334d682bd2e1f113f5178ca50f3cc7bca1034219de011
                                                                                                                                                                                                                                                                    • Instruction ID: 89132dcb715bb5f63df65e42ad4bdab6dea88e3f10195c51b55ee5ec39641ee9
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d77f34cbbaaacc53a2334d682bd2e1f113f5178ca50f3cc7bca1034219de011
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7210036B19B47C6DB409F15E8509AA73A0FB89784F855136EA9E43BB8DF3CD104D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLong
                                                                                                                                                                                                                                                                    • String ID: QRect$isEmpty$isEmpty(self) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 2610644205-4059259517
                                                                                                                                                                                                                                                                    • Opcode ID: df3e71f1d77ad56af0dbed2651fd4c169eb2db0e142a9109b795d194769feeb8
                                                                                                                                                                                                                                                                    • Instruction ID: f4b7d47b362075078a18c6da04ddb13a82c6ff819f2e930d4819eb15f6363d7b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df3e71f1d77ad56af0dbed2651fd4c169eb2db0e142a9109b795d194769feeb8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B118E36B0AB47D2EB00CF58E8948A833A4FB44B45F554036CA6D437B8DF79D99AC380
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLong
                                                                                                                                                                                                                                                                    • String ID: QRect$isValid$isValid(self) -> bool
                                                                                                                                                                                                                                                                    • API String ID: 2610644205-1242248060
                                                                                                                                                                                                                                                                    • Opcode ID: f8ba31e4ef6077ce52e3823d752e882a042cbc5aa0ceb64c6f3c2d5578b69820
                                                                                                                                                                                                                                                                    • Instruction ID: a72900e1c9bf1419c96764d1074dbb79ecd9b8d5ab55e3b0948fbde31acf3d5a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f8ba31e4ef6077ce52e3823d752e882a042cbc5aa0ceb64c6f3c2d5578b69820
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 98118236B0AB47C2EB00CF18E8949A833A4FB44B45F554032CA6D437B8DF79D98AC340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?scheme@QUrl@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFDFAEDDB78
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?scheme@String@@Url@@malloc
                                                                                                                                                                                                                                                                    • String ID: QUrl$scheme$scheme(self) -> str
                                                                                                                                                                                                                                                                    • API String ID: 2720562051-3114735864
                                                                                                                                                                                                                                                                    • Opcode ID: bfb0c2bb46d8f93713ba74f19546fa751d5825e1488aa555af2a042a965480ef
                                                                                                                                                                                                                                                                    • Instruction ID: e4cfa35373bdb1eebe0f9e2f6de2983d6f0b11624b4351506d6a4ccf0fbbfbf9
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bfb0c2bb46d8f93713ba74f19546fa751d5825e1488aa555af2a042a965480ef
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9113C26B19A47C1EB009F65E8A8BA933A4FB85B94F914036CA6D037B8CF3CD549D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?center@QRect@@QEBA?AVQPoint@@XZ.QT5CORE ref: 00007FFDFAEDDF68
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?center@Point@@Rect@@malloc
                                                                                                                                                                                                                                                                    • String ID: QRect$center$center(self) -> QPoint
                                                                                                                                                                                                                                                                    • API String ID: 1629757037-329580680
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?errorString@QSharedMemory@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFDFAEDCF48
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?errorMemory@@SharedString@String@@malloc
                                                                                                                                                                                                                                                                    • String ID: QSharedMemory$errorString$errorString(self) -> str
                                                                                                                                                                                                                                                                    • API String ID: 689102365-4251117242
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?normalized@QRect@@QEBA?AV1@XZ.QT5CORE ref: 00007FFDFAED7B18
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?normalized@Rect@@malloc
                                                                                                                                                                                                                                                                    • String ID: QRect$normalized$normalized(self) -> QRect
                                                                                                                                                                                                                                                                    • API String ID: 3668721892-1628837719
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?applicationName@QSettings@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFDFAEDA6E8
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?applicationName@Settings@@String@@malloc
                                                                                                                                                                                                                                                                    • String ID: QSharedMemory$key$key(self) -> str
                                                                                                                                                                                                                                                                    • API String ID: 3243067093-360754383
                                                                                                                                                                                                                                                                    • Opcode ID: d460a0d0956d40c3aa858f083c43c080f54280d90a6712c17cb0a6fbd9b92be0
                                                                                                                                                                                                                                                                    • Instruction ID: 94290cbb30844415ca6e32f899505a1115ff336eaf2c5ad509bf4cc9fe5cec2d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d460a0d0956d40c3aa858f083c43c080f54280d90a6712c17cb0a6fbd9b92be0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35113C26B19A47C1DB009F55E868AA933A4FB85B84F814032CA6D037B8CF3DD649D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?size@QRect@@QEBA?AVQSize@@XZ.QT5CORE ref: 00007FFDFAEDEC98
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?size@Rect@@Size@@malloc
                                                                                                                                                                                                                                                                    • String ID: QRect$size$size(self) -> QSize
                                                                                                                                                                                                                                                                    • API String ID: 1737786029-4012206340
                                                                                                                                                                                                                                                                    • Opcode ID: b0118e8399547d1f9714475f22bf48068dcb7f1f617865c1bbf7165fc7eb9630
                                                                                                                                                                                                                                                                    • Instruction ID: 83fd8fd556fd2b58251fcbe9071e3c52e38ca616d0a833a8057b7fde9d2a73fc
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b0118e8399547d1f9714475f22bf48068dcb7f1f617865c1bbf7165fc7eb9630
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B115B26B09E47C1EB009F55E8A8BA933A4FB85B84F914132CA6D037B8CF7DD549D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?toLocalFile@QUrl@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFDFAEE3818
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: File@LocalString@@Url@@malloc
                                                                                                                                                                                                                                                                    • String ID: QUrl$toLocalFile$toLocalFile(self) -> str
                                                                                                                                                                                                                                                                    • API String ID: 914245049-3456500714
                                                                                                                                                                                                                                                                    • Opcode ID: 32455ec72522f883490d4941f5ba805fa5dece4f4096e0fe5682c5e9a0c8fce0
                                                                                                                                                                                                                                                                    • Instruction ID: adb34055e3b5a6626d5d9af68f124e63bb45a7f4e5505e71b45b27784a93bba4
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 32455ec72522f883490d4941f5ba805fa5dece4f4096e0fe5682c5e9a0c8fce0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3113C65B09A47C1EB009F55E868AA933A4FB85B84F914072CE6D037B8CE3CD549D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setList@@@StringUrl@@Whitelist@
                                                                                                                                                                                                                                                                    • String ID: QUrl$setIdnWhitelist$setIdnWhitelist(a0: Iterable[Optional[str]])
                                                                                                                                                                                                                                                                    • API String ID: 1971865844-1296598381
                                                                                                                                                                                                                                                                    • Opcode ID: 6426adab6a44168494401270583444b9720bbd0579d3a86e3d0a61254b148211
                                                                                                                                                                                                                                                                    • Instruction ID: 14d774c9eaa6e133c715101fa4cb0301289a484de1f543231ab147bf07947ee5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6426adab6a44168494401270583444b9720bbd0579d3a86e3d0a61254b148211
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7611C676B19B47C5DB409F15E8909A973A0FB89B84F845132EA9E43B78DE3CE109D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?fileName@QSaveFile@@UEBA?AVQString@@XZ.QT5CORE ref: 00007FFDFAED7BC8
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?fileFile@@Name@SaveString@@malloc
                                                                                                                                                                                                                                                                    • String ID: QStateMachine$errorString$errorString(self) -> str
                                                                                                                                                                                                                                                                    • API String ID: 492270921-983848628
                                                                                                                                                                                                                                                                    • Opcode ID: 173d5cbce3f14e235d4235c353f2cf16c1a4e37426fda6a2d0fb04edc5e8642d
                                                                                                                                                                                                                                                                    • Instruction ID: e6b72f574b8d0af638aaa6e299ba9d25a097670f3d9b3f87837211d3ec8ae6ee
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 173d5cbce3f14e235d4235c353f2cf16c1a4e37426fda6a2d0fb04edc5e8642d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62115E36B09A47C1DB009F55E868BAD33A4FB85B81F814032CA6D037B8DE7CD509D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?errorString@QUrl@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFDFAEE6D68
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?errorString@String@@Url@@malloc
                                                                                                                                                                                                                                                                    • String ID: QUrl$errorString$errorString(self) -> str
                                                                                                                                                                                                                                                                    • API String ID: 2086713196-3712692383
                                                                                                                                                                                                                                                                    • Opcode ID: bca83533e34bbd49297bbb5fe1346247e280d99dcd8910a444a90a9e8499e9f0
                                                                                                                                                                                                                                                                    • Instruction ID: e40ff12b49eb711cdd24fcf6b43a8d3b8e2a78dc5d5794665b6c160901118468
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bca83533e34bbd49297bbb5fe1346247e280d99dcd8910a444a90a9e8499e9f0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4115E35B09A47C1DB009F55E868BA933A4FB85B84F914032CE6D037B8DE3CD549D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?setGlobalRestorePolicy@QStateMachine@@QEAAXW4RestorePolicy@QState@@@Z.QT5CORE ref: 00007FFDFAEDA172
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Policy@Restore$?setGlobalMachine@@StateState@@@
                                                                                                                                                                                                                                                                    • String ID: QStateMachine$setGlobalRestorePolicy$setGlobalRestorePolicy(self, restorePolicy: QState.RestorePolicy)
                                                                                                                                                                                                                                                                    • API String ID: 2331241036-191795362
                                                                                                                                                                                                                                                                    • Opcode ID: 2db1f5e0053a184b813b10879f724a8b0bd7098e9d805ab9ddea8f426e0c026a
                                                                                                                                                                                                                                                                    • Instruction ID: 5da1e49899d010ca4302bb50ee5570a0b4893c0f64c66806db277e2f366f7bb2
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2db1f5e0053a184b813b10879f724a8b0bd7098e9d805ab9ddea8f426e0c026a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D110436B19E4781DB008B14E898AA833A5FB89B85F910132CA6D033B8CF39D549D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?transposed@QRect@@QEBA?AV1@XZ.QT5CORE ref: 00007FFDFAEE4918
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?transposed@Rect@@malloc
                                                                                                                                                                                                                                                                    • String ID: QRect$transposed$transposed(self) -> QRect
                                                                                                                                                                                                                                                                    • API String ID: 3715936540-100623103
                                                                                                                                                                                                                                                                    • Opcode ID: 9d456b7ea50a40cf6f5431c5e647224d1c557dd627d991f11edbfbf1f27216e9
                                                                                                                                                                                                                                                                    • Instruction ID: cb4ebe0cb0301b44ef614d409b3469dbdeaf732fd06ec5c416512e4385bd1742
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d456b7ea50a40cf6f5431c5e647224d1c557dd627d991f11edbfbf1f27216e9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3115E76B0AA47C1EB009F55E868BA933A4FB45B84F914036CE6D037B8CE7DD649D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setAnimated@Machine@@State
                                                                                                                                                                                                                                                                    • String ID: QStateMachine$setAnimated$setAnimated(self, enabled: bool)
                                                                                                                                                                                                                                                                    • API String ID: 3079546299-456897234
                                                                                                                                                                                                                                                                    • Opcode ID: 68c0ba7ce6a7e8f20d3ef4531ad6025c00bd102d0344c5378ec3c6b9612a19c3
                                                                                                                                                                                                                                                                    • Instruction ID: 9acd0a775d81473d8f28ed9537253badf7bf2093633da294f495498ee8319210
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 68c0ba7ce6a7e8f20d3ef4531ad6025c00bd102d0344c5378ec3c6b9612a19c3
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53111836B19E47C1DB008B14E894AA833A5FB45B85F914172CA6D033B8DF7DD549D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setExpiryPool@@ThreadTimeout@
                                                                                                                                                                                                                                                                    • String ID: QThreadPool$setExpiryTimeout$setExpiryTimeout(self, expiryTimeout: int)
                                                                                                                                                                                                                                                                    • API String ID: 2358723795-193151932
                                                                                                                                                                                                                                                                    • Opcode ID: 82018df4a09d45c48226d42743a0a0959dc79aca3c0459780b3b96a50d84d3d6
                                                                                                                                                                                                                                                                    • Instruction ID: 347321160b30de7fa8d0cae7c8296e5bcff120775f9d7dc573fb7473a79028b5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 82018df4a09d45c48226d42743a0a0959dc79aca3c0459780b3b96a50d84d3d6
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C111536B19E4BC1EB00DF15E898AA833A5FB45B85F914132CA6D03378DF39D54AD740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setMachine@@Running@State
                                                                                                                                                                                                                                                                    • String ID: QStateMachine$setRunning$setRunning(self, running: bool)
                                                                                                                                                                                                                                                                    • API String ID: 1558118639-552697762
                                                                                                                                                                                                                                                                    • Opcode ID: 4222e4ae3de3dee6bf5e161fe96c14209afbe7c72465a7f2fc1d52b18542770b
                                                                                                                                                                                                                                                                    • Instruction ID: 71f8bf3cea98107f2366339557708cd00b1ef06aad258883a4e061274b1b924b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4222e4ae3de3dee6bf5e161fe96c14209afbe7c72465a7f2fc1d52b18542770b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25110376B19E47C1DB008B14E898AA833A5FB85B85F914132CAAD033B8DE3DD54AD700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?setAutoDetectStream@@TextUnicode@
                                                                                                                                                                                                                                                                    • String ID: QTextStream$setAutoDetectUnicode$setAutoDetectUnicode(self, enabled: bool)
                                                                                                                                                                                                                                                                    • API String ID: 2263489103-3583715552
                                                                                                                                                                                                                                                                    • Opcode ID: f5fa6c3e9b185e7d0aa69e137c8c613ced11de6f5b21b9a1e98d832cea214299
                                                                                                                                                                                                                                                                    • Instruction ID: ddb0eebceb0647d8500057d2780364a4a6fe600b1515d4d3a9cb4fd84d5dd165
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5fa6c3e9b185e7d0aa69e137c8c613ced11de6f5b21b9a1e98d832cea214299
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E110336B1AE47C1DB00CF15E8A8AA833A5FB45B85F914132CA6D033B8DE3DD54AD740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: State@@$?errorAbstractState@
                                                                                                                                                                                                                                                                    • String ID: QState$errorState$errorState(self) -> Optional[QAbstractState]
                                                                                                                                                                                                                                                                    • API String ID: 1973248026-3293543218
                                                                                                                                                                                                                                                                    • Opcode ID: 6caa97868831f08942b525c38f0806dab94406013c66cc80d019f911eb045c2f
                                                                                                                                                                                                                                                                    • Instruction ID: 28b4bfc8399e52c1626bae83e9ffebbccc79c5f286283954549f0fcbdb85f1c2
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6caa97868831f08942b525c38f0806dab94406013c66cc80d019f911eb045c2f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E010936B09A87C1EB409F15E868AA933A4FB45B84F914032CA6D437B8CE7DD549D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?iniCodec@Codec@@Settings@@Text
                                                                                                                                                                                                                                                                    • String ID: QState$initialState$initialState(self) -> Optional[QAbstractState]
                                                                                                                                                                                                                                                                    • API String ID: 2909422478-2241397219
                                                                                                                                                                                                                                                                    • Opcode ID: ca8384dfdd34f50e9bb93878faed50c681c856194462371e8bf22f3758b202c0
                                                                                                                                                                                                                                                                    • Instruction ID: 992dd4b1565c346ea4e225977f77f3d02c9e879286721bff541a44630e805dd8
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca8384dfdd34f50e9bb93878faed50c681c856194462371e8bf22f3758b202c0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4011B36B19A47C1EB408F15E868AA933A4FB85B84F954032CA6D437B8CE7DD549D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?priority@Priority@1@Thread@@
                                                                                                                                                                                                                                                                    • String ID: QThread$priority$priority(self) -> QThread.Priority
                                                                                                                                                                                                                                                                    • API String ID: 4224653945-2465289338
                                                                                                                                                                                                                                                                    • Opcode ID: 93b9df64163c4e30ac0b5b76e301edd1ebaf8c7834e1720ff26ed601b595432b
                                                                                                                                                                                                                                                                    • Instruction ID: 948118401685980640fca45f0eee3d2ea83ce189b1cab875e58e3d8dfae22250
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 93b9df64163c4e30ac0b5b76e301edd1ebaf8c7834e1720ff26ed601b595432b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56011726B09A47C1DB009F24E8A8AA833A4FB84B85F954032CA6D437B8CF7DD549D380
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?error@QSharedMemory@@QEBA?AW4SharedMemoryError@1@XZ.QT5CORE ref: 00007FFDFAEDCC1B
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Shared$?error@Error@1@MemoryMemory@@
                                                                                                                                                                                                                                                                    • String ID: QSharedMemory$error$error(self) -> QSharedMemory.SharedMemoryError
                                                                                                                                                                                                                                                                    • API String ID: 1544108909-2440708753
                                                                                                                                                                                                                                                                    • Opcode ID: abbb67e641a2adcab896141212e61402a57b5e4f6730f1ebe0c7da02ddbf15cb
                                                                                                                                                                                                                                                                    • Instruction ID: 397a924f3f4e76eaaac2182255c9744af37d5aea6c7ac5151fff99772a34a167
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: abbb67e641a2adcab896141212e61402a57b5e4f6730f1ebe0c7da02ddbf15cb
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 73011726B09E47D1DB00DF24E868AA833A4FB85B84F954036CA6E437B8CF7CD649D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?status@Settings@@Status@1@
                                                                                                                                                                                                                                                                    • String ID: QSettings$status$status(self) -> QSettings.Status
                                                                                                                                                                                                                                                                    • API String ID: 1707562958-2827344044
                                                                                                                                                                                                                                                                    • Opcode ID: 6a71ad168fac7934e4b8338259f37ef31c99f69b4239d3685bf4e3b22f710966
                                                                                                                                                                                                                                                                    • Instruction ID: 247ceb4924b602cf55d6f2801f28c79a376ffffa4c8f87e772631ca75c4b3a71
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a71ad168fac7934e4b8338259f37ef31c99f69b4239d3685bf4e3b22f710966
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E012936B09E47D1DB409F24E8A8AA833A4FB84B84F954032CA6D437B8CF7DD649D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?duration@Animation@@Variant
                                                                                                                                                                                                                                                                    • String ID: QStateMachine$error$error(self) -> QStateMachine.Error
                                                                                                                                                                                                                                                                    • API String ID: 1747504512-3410473450
                                                                                                                                                                                                                                                                    • Opcode ID: 3a4677f1f199e1defc9281eef13e1d9ea59fa32a61176bb91c1f8c0b69d82aa9
                                                                                                                                                                                                                                                                    • Instruction ID: 83eb30e1081c99bac11c0d2be501e188e7cbb26fb2c314db3449d166fb6be970
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3a4677f1f199e1defc9281eef13e1d9ea59fa32a61176bb91c1f8c0b69d82aa9
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD012936B09E87C1DB009F25E868AA833A4FB85B85F914032CA6D437B8CF7CD549D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?error@QSharedMemory@@QEBA?AW4SharedMemoryError@1@XZ.QT5CORE ref: 00007FFDFAEE756B
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
Similarity
• API ID: Shared$?error@Error@1@MemoryMemory@@
• String ID: QState$childMode$childMode(self) -> QState.ChildMode
• API String ID: 1544108909-4093118690
Memory Dump Source
• Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
Similarity
• API ID: ?detach@Url@@
• String ID: QUrl$detach$detach(self)
• API String ID: 2396526683-2386313804
Memory Dump Source
• Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
Similarity
• API ID: ?terminate@Thread@@
• String ID: QThread$terminate$terminate(self)
• API String ID: 4178474498-243194588
Memory Dump Source
• Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
Similarity
• API ID: ?start@Machine@@State
• String ID: QStateMachine$start$start(self)
• API String ID: 130777089-827315881
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FromLongLong_
                                                                                                                                                                                                                                                                    • String ID: QRect$height$height(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 2938811853-2207837906
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FromLongLong_
                                                                                                                                                                                                                                                                    • String ID: QRect$width$width(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 2938811853-473855772
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?clearError@Machine@@State
                                                                                                                                                                                                                                                                    • String ID: QStateMachine$clearError$clearError(self)
                                                                                                                                                                                                                                                                    • API String ID: 4176901155-1860149220
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?requestInterruption@Thread@@
                                                                                                                                                                                                                                                                    • String ID: QThread$requestInterruption$requestInterruption(self)
                                                                                                                                                                                                                                                                    • API String ID: 1565769845-2270185360
                                                                                                                                                                                                                                                                    • Opcode ID: 126cd5846b3e8ad63f919c375c375c355bf593403b1d2cba6fc1ceb300ac51fd
                                                                                                                                                                                                                                                                    • Instruction ID: 1a6cd5994bb05baeb7200b3bb59c53b7cd386ebdc7920d9cce4046edb86ead99
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 126cd5846b3e8ad63f919c375c375c355bf593403b1d2cba6fc1ceb300ac51fd
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD01D726B09E4BC0DB009F15E898AA833A4FB85B85F914072CE6D437B8CF7DD54AD780
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?quit@Thread@@
                                                                                                                                                                                                                                                                    • String ID: QThread$quit$quit(self)
                                                                                                                                                                                                                                                                    • API String ID: 3375825534-1531828321
                                                                                                                                                                                                                                                                    • Opcode ID: 974d792a415b725ec65345159cab35d748af902594caa216aa028f8cd2fd9f93
                                                                                                                                                                                                                                                                    • Instruction ID: 52fad669369916e7536abba63691f7b479c4745e1f83757fea66089b37aa4b2a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 974d792a415b725ec65345159cab35d748af902594caa216aa028f8cd2fd9f93
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D0011725B09E4BC0DB009F14E898AA833A4FB85B85F914032CE6D437B8CF7DD54AD380
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FromLongLong_
                                                                                                                                                                                                                                                                    • String ID: QOperatingSystemVersion$minorVersion$minorVersion(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 2938811853-1571346134
                                                                                                                                                                                                                                                                    • Opcode ID: 311434924e4eb691aaa55d809c38b7e5be40f904336ccb50990497c407bb29ee
                                                                                                                                                                                                                                                                    • Instruction ID: 3a51937f998d95e655f2807ee6ca82a023ab7cad8d96883f4617d0d2c162a9ac
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 311434924e4eb691aaa55d809c38b7e5be40f904336ccb50990497c407bb29ee
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56011A36B09B87C1DB008F54E898AA833A4FB84745F954032CA6D037B8CF7DDA49D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FromLongLong_
                                                                                                                                                                                                                                                                    • String ID: QRect$left$left(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 2938811853-153448523
                                                                                                                                                                                                                                                                    • Opcode ID: 73ccb2f50e23344b570f56cc44d5646da95133477b1485e6ff130f2a71f4a2a7
                                                                                                                                                                                                                                                                    • Instruction ID: c6d4337f6210c298d3875df99792563e2d04c35e230bf90505e9eccf02ab2497
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 73ccb2f50e23344b570f56cc44d5646da95133477b1485e6ff130f2a71f4a2a7
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37012C36B09A47D1DB00CF14E898AA933A4FB44B45F914032CA6D077B4CF7DD649D340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FromLongLong_
                                                                                                                                                                                                                                                                    • String ID: QRect$bottom$bottom(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 2938811853-790904555
                                                                                                                                                                                                                                                                    • Opcode ID: 893a4bb9e0784b79d924e249d7ae058e31df411edd410fc8e8962b7389e04fdd
                                                                                                                                                                                                                                                                    • Instruction ID: 8d929a553558280ea49e400fa384e83351dd0c1b9218b6677f7516581aac109c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 893a4bb9e0784b79d924e249d7ae058e31df411edd410fc8e8962b7389e04fdd
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9011A36B09A47D1DB008F54E898AA833A4FB44B55F914132CA6D037B4CF7DD649D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FromLongLong_
                                                                                                                                                                                                                                                                    • String ID: QOperatingSystemVersion$majorVersion$majorVersion(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 2938811853-1796193810
                                                                                                                                                                                                                                                                    • Opcode ID: 4181fa3a87c97a120d32fd2737ca3e25d23f6ecdd32d1657b68d5804232a8d1e
                                                                                                                                                                                                                                                                    • Instruction ID: 784eda998ec88a1c5afd7fab7c09b23892247b48621d637395938aaf8878a05c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4181fa3a87c97a120d32fd2737ca3e25d23f6ecdd32d1657b68d5804232a8d1e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99011A36B09B87C1EB008F54E898AA833A4FB84B45F954032CA6D037B4CF7DDA49D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFB022300: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAED17F6), ref: 00007FFDFB02231A
                                                                                                                                                                                                                                                                    • ?idnWhitelist@QUrl@@SA?AVQStringList@@XZ.QT5CORE ref: 00007FFDFAEE76E7
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?idnList@@StringUrl@@Whitelist@malloc
                                                                                                                                                                                                                                                                    • String ID: QUrl$idnWhitelist$idnWhitelist() -> List[str]
                                                                                                                                                                                                                                                                    • API String ID: 3434690259-2426665902
                                                                                                                                                                                                                                                                    • Opcode ID: e49be367bd4b45d9c30a86d99aebbf428d9b6014c1bd0b4e8f4214b4ee09aa63
                                                                                                                                                                                                                                                                    • Instruction ID: 5d365de33ee050a4e62058a76038c351674aaf08bd1afaa09d1f67bbc3d770fd
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e49be367bd4b45d9c30a86d99aebbf428d9b6014c1bd0b4e8f4214b4ee09aa63
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7013625B0AA47C2EF409B55E864BB92360FF86B45F845035CA5E03BB8DE3CD509E700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDFB01258E,?,?,?,00007FFDFB00F0E2), ref: 00007FFDFB011C20
                                                                                                                                                                                                                                                                    • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFDFB011C50
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDFB011C5D
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@NormalizedObject@@Object@@@TypeType@@Type@@@@
                                                                                                                                                                                                                                                                    • String ID: PyQt_PyObject
                                                                                                                                                                                                                                                                    • API String ID: 1134406281-1718684272
                                                                                                                                                                                                                                                                    • Opcode ID: 3e36fcd9b8d6572ef8d641598da520c1a4eb312c36f25bbbef9962f3deb9783c
                                                                                                                                                                                                                                                                    • Instruction ID: c50f52f4d9d1c818757fc48a263e91eeb541f32b3129f22ff68234d7406596be
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e36fcd9b8d6572ef8d641598da520c1a4eb312c36f25bbbef9962f3deb9783c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3BF03C71B1974382EB00CB14E8A0BA97370FB46395F945035EA9D836B8DF3CD509DB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ?currentThreadThread@@
                                                                                                                                                                                                                                                                    • String ID: QThread$currentThreadId$currentThreadId() -> Optional[PyQt5.sip.voidptr]
                                                                                                                                                                                                                                                                    • API String ID: 4079597222-1360114049
                                                                                                                                                                                                                                                                    • Opcode ID: 0e3308a039b5811c9d1bcf894ad2767e4d1383143c3779d08649f61a137aae45
                                                                                                                                                                                                                                                                    • Instruction ID: 7029c489dd5cc0ed6cd77b580d86ae681845239e7f9bdcefe5fcb992ba94828b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e3308a039b5811c9d1bcf894ad2767e4d1383143c3779d08649f61a137aae45
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6CF01D22B1AA47C1EF409B15E8647A933A0FB85B49F844072CA5E43BB8DF3CD159E740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,?,00007FFE10256970,00007FFDFB012033,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00007FFDFB00F348
                                                                                                                                                                                                                                                                    • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,00007FFE10256970,00007FFDFB012033,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00007FFDFB00F377
                                                                                                                                                                                                                                                                    • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,00007FFE10256970,00007FFDFB012033,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00007FFDFB00F3D7
                                                                                                                                                                                                                                                                    • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,00007FFE10256970,00007FFDFB012033,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00007FFDFB00F3E5
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Array@@ByteData@@List$?detach@?dispose@Data@1@Data@1@@V0@@
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 133044862-0
                                                                                                                                                                                                                                                                    • Opcode ID: 6160ed8f53cca2979c0d39aa4fa16202a46ed068836bc56a2bbefd556699e080
                                                                                                                                                                                                                                                                    • Instruction ID: feae9d1d140798771c73847856c3b8754677076851b5afc2fafe23244d540383
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6160ed8f53cca2979c0d39aa4fa16202a46ed068836bc56a2bbefd556699e080
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F218272B4AA4386DB208F15E5905ADA321FF45BE5B5C4221DB9E432B8CF2CD456D300
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: List_$DeallocFromItemLongLong_
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2038545694-0
                                                                                                                                                                                                                                                                    • Opcode ID: 88e3e3054ff6206c2fa814a599d57493b3021fbf2c629c3261dd09fb36920063
                                                                                                                                                                                                                                                                    • Instruction ID: 82775d9e6feebca2197da7a79dd3e2906cead9c78b3f6d407887d09083edb605
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88e3e3054ff6206c2fa814a599d57493b3021fbf2c629c3261dd09fb36920063
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C216D72719A8285EB58DB25D5E4939A3A1FB44F81B069134DE1E83798DF2EE845C700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: List_$DeallocDoubleFloat_FromItem
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1238897676-0
                                                                                                                                                                                                                                                                    • Opcode ID: 2a190beb39ae2af89142a2a319069d5a4da7854c3c45816edc32da4975839387
                                                                                                                                                                                                                                                                    • Instruction ID: b3dccea558e6e16a048e5d6881c2183c8e1c8ada67ab106b957982c8b0a98a97
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a190beb39ae2af89142a2a319069d5a4da7854c3c45816edc32da4975839387
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2C21C232B09A8285DB48DF29D19053DA3A1FB44B817188174CE1E43798DF39E4A1C700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                    • Opcode ID: 3d90b600762d8d7490d83b787e55742ac5874a5482e4361f42e9669cf58827ee
                                                                                                                                                                                                                                                                    • Instruction ID: 141531f6fdfc42be036f0726c2339a605514fe0867a5939e3e42b131241cfb56
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d90b600762d8d7490d83b787e55742ac5874a5482e4361f42e9669cf58827ee
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E113022B15F068AEB00CF60EC646B833A4FB59759F440E31DF6D867A8DF78E1989340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Err_Object$DeallocSys_$CallEnsureFetchObject_PrintRestoreState_
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 4246629506-0
                                                                                                                                                                                                                                                                    • Opcode ID: e752e68d0b0b1a0b50f0080218e4ed46adacb7ab271cf94f0b19cc9e7b46ee2f
                                                                                                                                                                                                                                                                    • Instruction ID: e74988763b1d857d45fa441bca99a0f92a69c179ceac3058f0d343ffe35f0abc
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e752e68d0b0b1a0b50f0080218e4ed46adacb7ab271cf94f0b19cc9e7b46ee2f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76F03C32F09A4282EB589B21E96483973A4EF89FD5B084130DE6F066ACDE3DD4859340
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Object@@Thread@@$?current?delete?thread@Eval_Later@SaveThreadThread@
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2203365963-0
                                                                                                                                                                                                                                                                    • Opcode ID: 27ba671165b3b88c6fdda6c2b035f417e808a768c07535b8e5be804573b742a4
                                                                                                                                                                                                                                                                    • Instruction ID: 0f8851dc7bc3478ac1237a987b1399bcfec66914bf08c4608ece9ec0a0fa96d9
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 27ba671165b3b88c6fdda6c2b035f417e808a768c07535b8e5be804573b742a4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6F06D25B0AA5281EB049B12A6245396721AB45FC2F184030DE6F03BA8CF7DD59A8740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DeallocF@@@PointRectSizemalloc
                                                                                                                                                                                                                                                                    • String ID: J9J9
                                                                                                                                                                                                                                                                    • API String ID: 2026738691-2881787613
                                                                                                                                                                                                                                                                    • Opcode ID: acacbe16da07923a9425baefcaa03eb8427ffb1f1fd99a24349282137cb848a1
                                                                                                                                                                                                                                                                    • Instruction ID: 5ff9a85764b19fb33aacad150ffdc5b2cb5c47f9451f4ef6bea48f2319ed213d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: acacbe16da07923a9425baefcaa03eb8427ffb1f1fd99a24349282137cb848a1
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50418C22B09F8685DB52CF25E85076EA364FB89BC0F145232DE6E03BA8DF39D481C700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
Similarity
• API ID: DeallocPoint@@0@Rect@@malloc
• String ID: J9J9
• API String ID: 3166431398-2881787613
• Opcode ID: 578a47a09d19e3f02aa13d62dcab7f7e071158f96c0b8e5b721852a6d84df961
• Instruction ID: 90b975ab4f08002af39c4a3c534ff7a348c1a14d0b2205b100457e8bf02a9b1a
• Opcode Fuzzy Hash: 578a47a09d19e3f02aa13d62dcab7f7e071158f96c0b8e5b721852a6d84df961
• Instruction Fuzzy Hash: FD315E72B09A8686DB54CF19E494A6D73B0FB88B84F45403ADFAD437A8DF38D454DB00
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
Similarity
• API ID: DeallocPoint@@0@Rect@@malloc
• String ID: J9J9
• API String ID: 3166431398-2881787613
• Opcode ID: e75b3b1a899264751d330dbd5099ddb4c3f6e66e2b4f7353bfb53a552424fb7b
• Instruction ID: 6a4a53b0db3e4220a98b2ea5052dcc4a6cdf1c571eb5619b965967a26bcb8d91
• Opcode Fuzzy Hash: e75b3b1a899264751d330dbd5099ddb4c3f6e66e2b4f7353bfb53a552424fb7b
• Instruction Fuzzy Hash: A3314D72B09A8686DB54CF19E4A4A6D73B0FB88B84F454039DF9D437A8DF38D454DB00
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
Similarity
• API ID: Bool_FromLong
• String ID: 1J9
• API String ID: 2610644205-2407233842
• Opcode ID: 8d4e73c807a6b4efdd859c877517c1ab9c604194e03ed7d899e8e913ed874e6e
• Instruction ID: 99626e7284ae2304df72fe6d7b677be95f93bf7b56048690427cd7e2f67cee01
• Opcode Fuzzy Hash: 8d4e73c807a6b4efdd859c877517c1ab9c604194e03ed7d899e8e913ed874e6e
• Instruction Fuzzy Hash: 82313C37B0AB4286EB409F15E450578B3A0FB85B99F094071EE9D07BA8DF3DE882D700
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.2444626694.00007FFDFB10B000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLong
                                                                                                                                                                                                                                                                    • String ID: 1J9
                                                                                                                                                                                                                                                                    • API String ID: 2610644205-2407233842
                                                                                                                                                                                                                                                                    • Opcode ID: 0dc1c38012c008bcc164822a82f2d9d121ed58234e4d33fb34926ce3468b267b
                                                                                                                                                                                                                                                                    • Instruction ID: a4439cbf86c3396d884b81b20556869d37498a3d7d9c44e4794e8bfbb16b5eb1
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0dc1c38012c008bcc164822a82f2d9d121ed58234e4d33fb34926ce3468b267b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86314137B0AB4786EB409B15E450978B3A0FB85B99F098075DE5D07BA8DF3DE886D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLong
                                                                                                                                                                                                                                                                    • String ID: 1J1
                                                                                                                                                                                                                                                                    • API String ID: 2610644205-2174808320
                                                                                                                                                                                                                                                                    • Opcode ID: af71c689eef1ea53a33c542716f92ae36ee2e56ee821d3882e3a9a9ecd119a5e
                                                                                                                                                                                                                                                                    • Instruction ID: 2a6c397c55d35c80bcd8867272efc93ccb5afe6d63d186121e8450084d7231aa
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: af71c689eef1ea53a33c542716f92ae36ee2e56ee821d3882e3a9a9ecd119a5e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6212F76B09B4282EB518F15E45096973A4FB88B95F044172EE5E03BB8DF3CD586D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLong
                                                                                                                                                                                                                                                                    • String ID: 1J1
                                                                                                                                                                                                                                                                    • API String ID: 2610644205-2174808320
                                                                                                                                                                                                                                                                    • Opcode ID: 71f36435bed222223603da18f8398ded7bc627f83640b138544de5ff485c5bb0
                                                                                                                                                                                                                                                                    • Instruction ID: 93f290722e3d427e4132c216725cdde50774bbf7f72487220e37525ae3068105
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71f36435bed222223603da18f8398ded7bc627f83640b138544de5ff485c5bb0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B0215076B0AB4282EB518F19E45056977A0FB88BD5F044136EE9E03BB8DF3CD456DB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLong
                                                                                                                                                                                                                                                                    • String ID: 1J1
                                                                                                                                                                                                                                                                    • API String ID: 2610644205-2174808320
                                                                                                                                                                                                                                                                    • Opcode ID: 9cb363544d5cec581141377abafd56936dbd3b751e32a35493d361ac13abd8ee
                                                                                                                                                                                                                                                                    • Instruction ID: 2668e49f0c91f9b142f5634186be049600d4e244c3c110be818348e2e04286cc
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9cb363544d5cec581141377abafd56936dbd3b751e32a35493d361ac13abd8ee
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C216176B0AB4382EB418F15E45056977A0FB89B95F094132EE5E03BB8DF3CD496D740
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLong
                                                                                                                                                                                                                                                                    • String ID: 1J1
                                                                                                                                                                                                                                                                    • API String ID: 2610644205-2174808320
                                                                                                                                                                                                                                                                    • Opcode ID: 444efe30c2eb8c90dc8c6cb01c06a914d3c016fd4c59ca744b155f23b9058034
                                                                                                                                                                                                                                                                    • Instruction ID: 0ebb6d858dac5d6988ffd92c559f883741cf43cb3c2a8170c8601e4b46f48c7b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 444efe30c2eb8c90dc8c6cb01c06a914d3c016fd4c59ca744b155f23b9058034
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 93214C76B0AB4282EB418F16E45456977A0FB88B95F084132EE5E03BB8DF3CD45ADB40
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLong
                                                                                                                                                                                                                                                                    • String ID: 1J1
                                                                                                                                                                                                                                                                    • API String ID: 2610644205-2174808320
                                                                                                                                                                                                                                                                    • Opcode ID: b7b95bf12e4ea8bad854d7b9311f22bee1ad050b198cb41dbcfd4d38c4fc770d
                                                                                                                                                                                                                                                                    • Instruction ID: 47f9137ae2a14d196b0c1fe01013a8f066c32937c44b00f43044b110fd43f430
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7b95bf12e4ea8bad854d7b9311f22bee1ad050b198cb41dbcfd4d38c4fc770d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C215E76B0AB4382EB018F16E46056973A0FB88B95F044176EE9E03BB8DF3CD456DB00
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DeallocRectV0@@malloc
                                                                                                                                                                                                                                                                    • String ID: J9J9
                                                                                                                                                                                                                                                                    • API String ID: 3273914932-2881787613
                                                                                                                                                                                                                                                                    • Opcode ID: bc21049ba5404ed447220d91872cb9179c530088ab996a6cb6b2e2ee844f4618
                                                                                                                                                                                                                                                                    • Instruction ID: b094facba0ae0572df11433391e799848cfab1ceb99a066c851fd978c25a35a7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bc21049ba5404ed447220d91872cb9179c530088ab996a6cb6b2e2ee844f4618
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8219C32B19B4282EB808B15F864A6D33A5FB88BC4F550132DE6E43BB8DE3DD5409710
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DeallocRectV0@@malloc
                                                                                                                                                                                                                                                                    • String ID: J9J9
                                                                                                                                                                                                                                                                    • API String ID: 3273914932-2881787613
                                                                                                                                                                                                                                                                    • Opcode ID: c8465c8e3bee20305cd7c2f63074bc32a19f22252bce933bfade34df10f88f19
                                                                                                                                                                                                                                                                    • Instruction ID: 9300e2ce7ef9e07631628387934d7a20f3c359a6dd281d259dad31470a6fea86
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c8465c8e3bee20305cd7c2f63074bc32a19f22252bce933bfade34df10f88f19
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 07216B32B19F4282EB408B1AE864A6D33A5FB88BC0F554136DE6E03BA8DE3DD5409710
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DeallocRect@@V0@@malloc
                                                                                                                                                                                                                                                                    • String ID: J9J9
                                                                                                                                                                                                                                                                    • API String ID: 2009984094-2881787613
                                                                                                                                                                                                                                                                    • Opcode ID: 85faa91ee12210ec604f6b5a0a3bfbad52e2827e9a9126364af02094bcde9f4e
                                                                                                                                                                                                                                                                    • Instruction ID: 0f5513209df0545ee5e98746ce56e39c1c0fde0ecdf385139a0ba9b43c8c9039
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 85faa91ee12210ec604f6b5a0a3bfbad52e2827e9a9126364af02094bcde9f4e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D218D32B19F46C2EB408B15E8A4A6D33A1FB88BC5F050135DE6E43BA8DE3CD8409700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Bool_FromLong
                                                                                                                                                                                                                                                                    • String ID: 1J9
                                                                                                                                                                                                                                                                    • API String ID: 2610644205-2407233842
                                                                                                                                                                                                                                                                    • Opcode ID: 2cdfc0d0bd3b8cbe83b9bbe01c7588aea7f472055752579439eec4242ff188a4
                                                                                                                                                                                                                                                                    • Instruction ID: c2a3c984dcc31dacb51ad2f51c5a1c66b87e388ef8bd984c23884a1146bde22c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2cdfc0d0bd3b8cbe83b9bbe01c7588aea7f472055752579439eec4242ff188a4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56213C3AB0DB8281EB408B55F45066AA360FB89BD4F084576EEAE13BACCF3DD145D700
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.2443904905.00007FFDFAED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFAED0000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaed0000_y3x8pjQ1Ci.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FromLongLong_
                                                                                                                                                                                                                                                                    • String ID: QRect$y(self) -> int
                                                                                                                                                                                                                                                                    • API String ID: 2938811853-1139156533
                                                                                                                                                                                                                                                                    • Opcode ID: 6eb3c1e8449bb11e83c06f4557effa8449fd7cea5e279a7330bf0a7b9b11ae42
                                                                                                                                                                                                                                                                    • Instruction ID: c227fc9016ffc627a6578d571c6998b48bc2fa3ce7404fac998ab52facea2b9c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6eb3c1e8449bb11e83c06f4557effa8449fd7cea5e279a7330bf0a7b9b11ae42
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80012C36B09A47D1DB00DF51E858AA933A4FB44B45F954136CA6D037B4CF7DD64AD340